Pentester Lab: Axis2 Web service and Tomcat Manager

  • Name: Pentester Lab: Axis2 Web service and Tomcat Manager
  • Date release: 15 Jan 2013

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 221 MB)


(Size: 216 MB)




This exercice explains the interactions between Tomcat and Apache, then it will show you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain commands execution.

What you will learn?

  • Axis2 Web service
  • Writing a WebShell in JSP (Java)
  • Attacking the Tomcat Manager

  • Filename: axis2_and_tomcat_manager_i386.iso
  • File size: 221 MB
  • MD5: 2136A9D0118CAB84B2D1B6CDBAEC01A0
  • SHA1: 40E6FA8F918CA36FCB65E1D2C0156434524D1C01

  • Filename: _axis2_and_tomcat_manager.iso
  • File size: 216 MB
  • MD5: B0F6C84998B5D7F583725C076FCE6C92
  • SHA1: 5A9A2148812701F4770ADD095D8F344735DBAD43

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign