Metasploitable3: Exploiting Axis2 vulerability


Apache Axis2™ is a Web Services / SOAP / WSDL engine, the successor to the widely used Apache Axis SOAP stack. There are two implementations of the Apache Axis2 Web services engine – Apache Axis2/Java and Apache Axis2/C.

Metasploitable3 is a VM that is built from the ground up with a large number of security vulnerabilities. It is intended to be used as a target for testing exploits with Metasploit.

Penetration Testing

  1. Installing Nessus, please visit here. Scanning vulnerability using Nessus.screenshot-from-2016-11-28-16-30-25
  2. Using exploit/multi/http/axis2_deployer module on Metasploit
    This module logs in to an Axis2 Web Admin Module instance using a specific user/pass and uploads and executes commands via deploying a malicious web service by using SOAP.


  3. Enjoy!