This code exploit CVE-2018-15133 and it is based on kosmiz's PoC and Metasploit's exploit for this vulnerability. I pretty much just did this for a box in Hack The Box, because I did not want to use Metasploit at the moment and as a excuse for practicing Python.

From the CVE's Description:

In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.

Install dependencies:

pip install -r requirements.txt

usage: pwn_laravel.py [-h] [-c COMMAND] [-m {1,2,3,4}] [-i] URL API_KEY

This code was created for educational use not anything illegal. Whatever you do it's your own responsibility.

• kozmic's PoC in PHP
• Metasploit exploit in Ruby
• Pull request of fix by Laravel
• CVE-2018-15133