CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
CoCalc provides the best real-time collaborative environment for Jupyter Notebooks, LaTeX documents, and SageMath, scalable from individual users to large groups and classes!
Path: blob/master/documentation/modules/auxiliary/scanner/http/axis_login.md
Views: 1904
Vulnerable Application
This module attempts to login to an Apache Axis2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options. It has been verified to work on at least versions 1.4.1 and 1.6.2.
Verification Steps
Start msfconsole
Do:
use auxiliary/scanner/http/axis_login
Do: set usernames and passwords via the
username
andpassword
options, or pass a list viauser_file
andpass_file
optionsDo:
run
Hopefully you see somthing like this:
Options
List each option and how to use it.
BLANK_PASSWORDS
Try blank passwords for all users
BLANK_PASSWORD
Set to true
if an additional login attempt should be made with an empty password for every user.
BRUTEFORCE_SPEED
How fast to bruteforce, from 0 to 5
DB_ALL_CREDS
Try each user/password couple stored in the current database
DB_ALL_PASS
Add all passwords in the current database to the list
DB_ALL_USERS
Add all users in the current database to the list
DB_SKIP_EXISTING
Skip existing credentials stored in the current database (Accepted: none, user, user&realm)
PASSWORD
A specific password to authenticate with
PASS_FILE
File containing passwords, one per line
STOP_ON_SUCCESS
Stop guessing when a credential works for a host
THREADS
The number of concurrent threads (max one per host)
USERPASS_FILE
File containing users and passwords separated by space, one pair per line
USER_FILE
File containing usernames, one per line
VERBOSE
Whether to print output for all attempts
VHOST
HTTP server virtual host
Scenarios
Specific demo of using the module that might be useful in a real world scenario.