Reproducing the Apache Axis2 vulnerability

 

Apache Axis2 is a core engine for Web services. Axis2 is a redesign and rewrite of the older Axis, and it is available in two implementations, Java and C.

Axis2 not only provides a Web services interface for web applications; it can also run as a standalone server, and it integrates easily with Apache Tomcat. The latest version of Axis2 is 1.6.2.

Axis is an open source, XML-based Web services architecture. It was initially developed by IBM under the name IBM-SOAP, and the Apache Foundation later launched Axis on the basis of SOAP. Axis is essentially a SOAP engine written in Java. It can be used in a variety of distributed applications so that the applications can interoperate and interact with one another.

 

A host running Axis2 web services is recognized as plain http, and nmap's fingerprinting probably cannot identify it.

Figure 1

 

Figure 2

From Figure 1 the address of the admin console (the backend) cannot be determined, and no directory scan was attempted.

In Figure 2, clicking Administration jumps directly to the admin console.

The admin console address looks like: http://127.0.0.1/axis2-admin/

Try the default password: admin / axis2

Once in the admin console, use "upload service" to get a shell.
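A defender-side check for the default admin / axis2 login described above, as an added example that is not part of the original post: it reads an axis2.xml and reports whether the admin console credentials are still the defaults. The sample configurations are constructed and the function names are hypothetical; it assumes the console login is taken from the `userName` and `password` parameters of axis2.xml.

```python
import xml.etree.ElementTree as ET

# Default admin console login named in the post above.
DEFAULT_USER, DEFAULT_PASSWORD = "admin", "axis2"

# Constructed sample configs, trimmed to the relevant parameters.
WEAK_CONFIG = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">admin</parameter>
  <parameter name="password">axis2</parameter>
</axisconfig>"""

HARDENED_CONFIG = """<axisconfig name="AxisJava2.0">
  <parameter name="userName">svc-deployer</parameter>
  <parameter name="password">constructed-Long-Random-Value-91</parameter>
</axisconfig>"""


def read_params(xml_text):
    """Map each top-level <parameter name=...> to its trimmed text value."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "").strip() for p in root.findall("parameter")}


def audit_axis2_config(xml_text):
    """Return findings about the axis2-admin credentials (hypothetical helper)."""
    params = read_params(xml_text)
    user, password = params.get("userName"), params.get("password")
    if user is None or password is None:
        # Nothing to compare here; the deployed config may live elsewhere.
        return ["credentials not defined in this file; locate the effective axis2.xml"]
    findings = []
    if not password:
        findings.append("admin password is empty")
    elif password == DEFAULT_PASSWORD:
        findings.append("admin password is still the default")
    if user == DEFAULT_USER:
        findings.append("admin user name is still the default")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_axis2_config(cfg) or "no default credentials found")
```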

Process: https://www.tuicool.com/articles/iuQfuqz

cat.arr: http://javaweb.org/?p=1548

Just a simple record.

 


Origin www.cnblogs.com/devapath/p/12466690.html