Skip to content
This repository has been archived by the owner on Jan 18, 2024. It is now read-only.
/ wildPwn Public archive

Brute forcer and shell deployer for WildFly

License

Notifications You must be signed in to change notification settings

hlldz/wildPwn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

wildPwn - WildFly Exploitation Tool

It is a tool for WildFly. Tool can be used to brute force or shell deploy. wildPwn.war contains modified Laudanum Shell. userList.txt contains common usernames and passList.txt contains common passwords.

Usage

Bruteforce

python wildPwn.py -m brute --target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST> 

Shell Deploy

python wildPwn.py -m deploy --target <TARGET> --port <PORT> -u <USERNAME> -p <PASSWORD>

Details

https://artofpwn.com/wildfly-exploitation.html

Video

PoC Video

Nmap Scripts

Detection

nmap --script wildfly-detect <TARGET>

Brute Force

nmap -p 9990 --script wildfly-brute --script-args "userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com" <TARGET>

About

Brute forcer and shell deployer for WildFly

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages