Exploit Notes

JBOSS Pentesting

Last modified: 2023-03-26

JBoss AS (Application Server), also known as WildFly, is an application server written in Java.

Enumeration

msfconsole
msf > use auxiliary/scanner/http/jboss_vulnscan

Common Directories

/admin-console/
/jbossws/
/jmx-console/
/management
/manager
/web-console/

Default Credentials

admin:admin
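
Detection side of the two lists above, as an added example (not part of the original notes): a Python pass over web access logs that reports which clients requested the JBoss console paths, which consoles answered 2xx, and whether a user named admin authenticated to one. The Combined Log Format, the sweep threshold of 3 and the sample lines are assumptions made for this example.

```python
import re
from collections import defaultdict

# Path prefixes from the "Common Directories" list above.
JBOSS_PATHS = ("/admin-console", "/jbossws", "/jmx-console",
               "/management", "/manager", "/web-console")

# Combined Log Format: host ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def match_console(path):
    """Return the console prefix a request path falls under, or None."""
    p = path.split("?", 1)[0].lower()
    for prefix in JBOSS_PATHS:
        if p == prefix or p.startswith(prefix + "/"):
            return prefix
    return None

def analyze(lines, sweep_threshold=3):
    """Per client IP: consoles requested, consoles answering 2xx,
    whether user 'admin' authenticated, and whether it looks like a sweep."""
    report = defaultdict(lambda: {"consoles": set(), "reachable": set(),
                                  "admin_ok": False, "sweep": False})
    for line in lines:
        m = LINE_RE.match(line)
        console = match_console(m["path"]) if m else None
        if console is None:
            continue  # malformed line or unrelated path
        entry = report[m["ip"]]
        entry["consoles"].add(console)
        if m["status"].startswith("2"):
            entry["reachable"].add(console)
            # The log shows only the username, never the password.
            entry["admin_ok"] |= m["user"] == "admin"
        entry["sweep"] = len(entry["consoles"]) >= sweep_threshold
    return dict(report)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Mar/2023:10:00:01 +0000] "GET /jmx-console/ HTTP/1.1" 401 512 "-" "-"',
    '203.0.113.7 - - [26/Mar/2023:10:00:02 +0000] "GET /web-console/ HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.7 - - [26/Mar/2023:10:00:02 +0000] "GET /admin-console/ HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.9 - admin [26/Mar/2023:10:05:00 +0000] "GET /management HTTP/1.1" 200 300 "-" "-"',
    '198.51.100.9 - - [26/Mar/2023:10:05:02 +0000] "GET /index.html HTTP/1.1" 200 300 "-" "-"',
]

if __name__ == "__main__":
    for ip, entry in analyze(SAMPLE_LOG).items():
        print(ip, entry)
```

A console listed under reachable should be restricted to an internal interface or removed, and an admin_ok hit is a prompt to confirm that the admin password is no longer the default.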
