i have already tried the same after reading the python code :

def exploit(url, cmd, dont_print_status_on_console=False): url = url_prepare(url) if dont_print_status_on_console is False: print(‘\n[*] URL: %s’ % (url)) print(‘[*] CMD: %s’ % (cmd)) cmd = “”.join([“<string>{0}</string>”.format(_) for _ in cmd.split(“ “)])
https://github.com/mazen160/struts-pwn_CVE-2017-9805/blob/master/struts-pwn.py

don’t but powershell not launching i event tried to see the process using process explorer . however when i put powershell as standalone string it create a process under tomcat !! i wonder where i am going wrong