2. ABOUT ME
• Name: ADITYA KAMAT
• 3rd year BE student at BMSCE.
• Very passionate about cyber security (Just a beginner).
3. OVERVIEW
• Scan a machine to check for open ports and the
services running on it.
• Exploit the application/service.
• Get access to a shell with basic privileges.
4. APACHE HTTP SERVER
VS
APACHE TOMCAT
• Tomcat – Java and HTTP server – C.
• Apache Tomcat is used to deploy your Java Servlets
and JSPs in the form of a WAR(Web ARchive).
• PHP, HTML, JS, etc. can be run on a HTTP server.
5. A LITTLE ABOUT AXIS2 …
• A core engine for web services.
• Available in java and C
• Allows the addition of Web services interfaces to
Web applications.
• It can also be used as a standalone server
application.
6. WHAT ARE WE EXPLOITING ?
• Proxy service on Apache Axis2 located at
http://vulnerable/axis2/services/ProxyService/get
?uri=.
• Tomcat manager application located
at http://vulnerable/manager/html.
7. AIM ?
• Exploit a vulnerability in Axis2 to get the login
credentials for tomcat manager present at
/etc/tomcat6/tomcat-users.xml .
• Login to tomcat manager application using those
credentials.
• Upload a simple jsp shell and demonstrate a few
commands.
8. EXPLAINATION OF THE SHELL
• if (request.getParameter("x") != null)
• Process p =
Runtime.getRuntime().exec(request.getParameter("x"));
• while (disr != null) {
out.println(disr);
disr = dis.readLine();
}