Hackthebox: emdee five for life challenge is based on python scripting as how fast a request can be sent and stuff can be automated. For this challenge, I had to go through the forum threads on hackthebox because this challenge is pretty straight forward. You can’t be slow!

Let’s begin with the walkthrough:

Once you start the instance and enter the website. You will see a string which you have to encrypt with MD5 and submit.

So I did! Below is the response that I got…

Too Slow!

Well, I did try that a lot of times, but still got the same response.
I tried using Dirb, but it doesn’t gave much info.
I looked at the header using Burpsuite. I thought I can tweak PHPSESID somehow, but no luck on that.

So I searched around and checked the hackthebox forum for this level. I read a comment saying a “Python -> requests,hashlib,BeautifulSoup,Google ” and I created this script:

import hashlib
import requests
from bs4 import BeautifulSoup

url='http://docker.hackthebox.eu:30118'

s=requests.Session()	
r =s.get(url)
if r.status_code == 200:
	soup =BeautifulSoup(r.content, "html.parser")
	fin=soup.find('h3')
	tex=fin.text

h=hashlib.md5()
h.update(tex)
ha=h.hexdigest()

print(s.post(url,data={'hash':ha}).text)


The Above script gave me the flag!

Checkout hackthebox Grammer walkthrough post: http://www.anonhack.in/2020/03/hackthebox-grammar-walkthrough/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: