#!/usr/bin/env python3
import requests
import urllib3
urllib3.disable_warnings()

BASE_URL = "https://vulnerability-research-dbfd88d4dab49dc2.chals.uoftctf.org"

r = requests.get(BASE_URL + "/admin", verify=False)
print(f"Status: {r.status_code}")
print(f"Length: {len(r.text)}")

# Save
with open("admin_page.html", "w", encoding="utf-8") as f:
    f.write(r.text)

# Check for interesting strings
for keyword in ["password", "login", "upload", "file", "eval", "exec"]:
    if keyword in r.text.lower():
        print(f"[+] Found keyword: {keyword}")

# Look for forms
import re
forms = re.findall(r'<form[^>]*>.*?</form>', r.text, re.DOTALL)
print(f"\n[*] Found {len(forms)} forms")

if "uoftctf" in r.text.lower():
    print("\n[!!!] FLAG FOUND IN ADMIN PAGE!")
    idx = r.text.lower().find("uoftctf")
    print(r.text[idx:idx+100])