wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)
WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version 2.1.
It is a tool for WildFly. Tool can be used to brute force or shell deploy. wildPwn.war contains modified Laudanum Shell. userList.txt contains common usernames and passList.txt contains common passwords.
Usage
Bruteforce
python wildPwn.py -m brute --target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST>
Shell Deploypython wildPwn.py -m deploy --target <TARGET> --port <PORT> -u <USERNAME> -p <PASSWORD>
Nmap Scripts
Detection
nmap --script wildfly-detect <TARGET>
Brute Forcenmap -p 9990 --script wildfly-brute --script-args "userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com" <TARGET>
Video
More details: https://artofpwn.com/wildfly-exploitation.html
wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)
Reviewed by Zion3R
on
5:19 PM
Rating: