Brute forcer and shell deployer for WildFly
hlldz Merge pull request #3 from TheKalin/master
Added Proxy&Request Timeout Support
Latest commit fae4fb6 Mar 10, 2018
Type Name Latest commit message Commit time
Nmap Scripts Add files via upload May 6, 2017
.gitignore Initial commit Apr 23, 2016
LICENSE Initial commit Apr 23, 2016
README.md Update README.md May 25, 2017
passList.txt Added files via upload Apr 23, 2016
userList.txt Added files via upload Apr 23, 2016
wildPwn.py Proxy & request timeout support Mar 5, 2018
wildPwn.war Added files via upload Apr 23, 2016

README.md

wildPwn - WildFly Exploitation Tool

wildPwn is a tool for WildFly. It can be used for brute forcing or shell deployment. wildPwn.war contains a modified Laudanum Shell. userList.txt contains common usernames and passList.txt contains common passwords.

Usage

Bruteforce

python wildPwn.py -m brute --target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST> 

Shell Deploy

python wildPwn.py -m deploy --target <TARGET> --port <PORT> -u <USERNAME> -p <PASSWORD>

Details

https://artofpwn.com/wildfly-exploitation.html

Video

PoC Video

Nmap Scripts

Detection

nmap --script wildfly-detect <TARGET>

Brute Force

nmap -p 9990 --script wildfly-brute --script-args "userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com" <TARGET>
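
Detecting the brute force mode

On the defending side, password guessing against the management interface (port 9990 in the Nmap example above) appears as a run of HTTP 401 responses from one source, and a 2xx response after such a run suggests a guessed credential. The following is an added example, not part of wildPwn: the log format (combined-style access log lines from a reverse proxy in front of the management port), the /management path prefix filter, the threshold and the window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format: combined-style access log written by a reverse proxy
# that sits in front of the WildFly management port.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample input (documentation IP ranges), in chronological order.
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2018:12:00:0%d +0000] "GET /management HTTP/1.1" 401 77' % i
    for i in range(6)
] + [
    '203.0.113.7 - - [10/Mar/2018:12:00:07 +0000] "GET /management HTTP/1.1" 200 512',
    '198.51.100.4 - - [10/Mar/2018:12:00:08 +0000] "GET /management HTTP/1.1" 401 77',
    '198.51.100.4 - - [10/Mar/2018:12:00:09 +0000] "GET /management HTTP/1.1" 200 512',
]

def find_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "success_after": bool}} for sources with
    at least `threshold` 401s on /management inside a sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps of 401s still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not m["path"].startswith("/management"):
            continue
        ip, status = m["ip"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 401:
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:  # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif 200 <= status < 300 and ip in flagged:
            # A success after a failure burst: treat the account as compromised.
            flagged[ip]["success_after"] = True
    return flagged

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE))
```

A client using HTTP Digest authentication receives one 401 challenge before each authenticated request, so the threshold needs to sit above what legitimate administration produces.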