The Hackthebox "Emdee five for life" challenge is about Python scripting: how fast a request can be sent and how the work can be automated. For this challenge, I had to go through the forum threads on Hackthebox, because this challenge is pretty straightforward. You can’t be slow!
Let’s begin with the walkthrough:
Once you start the instance and open the website, you will see a string which you have to hash with MD5 and submit.
So I did! Below is the response that I got…
Too Slow!
Well, I did try that a lot of times, but still got the same response.
I tried using Dirb, but it didn’t give much info.
I looked at the header using Burp Suite. I thought I could tweak PHPSESSID somehow, but no luck on that.
So I searched around and checked the Hackthebox forum for this level. I read a comment saying “Python -> requests, hashlib, BeautifulSoup, Google” and I created this script:
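```python
import hashlib

import requests
from bs4 import BeautifulSoup

url = 'http://docker.hackthebox.eu:30118'

# Use one Session so the PHPSESSID cookie from the GET is sent with the POST
s = requests.Session()
r = s.get(url)
if r.status_code == 200:
    # The string to hash is in the page's <h3> element
    soup = BeautifulSoup(r.content, "html.parser")
    fin = soup.find('h3')
    tex = fin.text
    h = hashlib.md5()
    h.update(tex.encode())  # md5 needs bytes on Python 3
    ha = h.hexdigest()
    # Submit the digest right away and print the server's response
    print(s.post(url, data={'hash': ha}).text)
```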
The above script gave me the flag!
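Why the manual attempts returned "Too Slow!" while the script worked, shown against a constructed local stand-in for the challenge page (an added example, not code from the original post or from Hack The Box). The 1-second limit, the one-string-per-session behaviour, the "Invalid" reply and the placeholder flag are assumptions; only the `<h3>` string, the `hash` form field, `PHPSESSID` and "Too Slow!" come from the walkthrough.

```python
import hashlib, http.cookiejar, re, secrets, threading, time, urllib.parse
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.request import HTTPCookieProcessor, ProxyHandler, build_opener

TIME_LIMIT = 1.0  # seconds; assumed value, the real limit is not stated on the page
SESSIONS = {}     # session id -> (challenge string, time it was issued)

class Handler(BaseHTTPRequestHandler):  # constructed stand-in for the challenge page
    def log_message(self, *args): pass  # keep the demo quiet

    def reply(self, body, sid=None):
        self.send_response(200)
        if sid:
            self.send_header("Set-Cookie", "PHPSESSID=" + sid)
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):  # every page load issues a new string tied to a new session
        sid, text = secrets.token_hex(8), secrets.token_hex(10)
        SESSIONS[sid] = (text, time.monotonic())
        self.reply("<h3>" + text + "</h3>", sid)

    def do_POST(self):  # the hash must match this session's string and arrive in time
        body = self.rfile.read(int(self.headers["Content-Length"])).decode()
        sent = urllib.parse.parse_qs(body).get("hash", [""])[0]
        m = re.search(r"PHPSESSID=(\w+)", self.headers.get("Cookie", ""))
        text, issued = SESSIONS.pop(m.group(1) if m else "", (None, 0))
        late = time.monotonic() - issued > TIME_LIMIT
        good = text is not None and sent == hashlib.md5(text.encode()).hexdigest()
        self.reply("Invalid" if not good else "Too Slow!" if late else "HTB{placeholder}")

def solve(url, delay=0.0, keep_cookies=True):
    jar = http.cookiejar.CookieJar()
    opener = build_opener(ProxyHandler({}), HTTPCookieProcessor(jar))  # no proxy
    text = re.search(r"<h3>(.*?)</h3>", opener.open(url).read().decode()).group(1)
    time.sleep(delay)         # stands in for copying and pasting by hand
    if not keep_cookies:      # same effect as not reusing requests.Session()
        jar.clear()
    form = {"hash": hashlib.md5(text.encode()).hexdigest()}
    return opener.open(url, urllib.parse.urlencode(form).encode()).read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # loopback only, random free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    out = (solve(url), solve(url, delay=1.5), solve(url, keep_cookies=False))
    server.shutdown()
    return out
```

`demo()` returns the three responses in order: immediate submission in the same session, a delayed submission, and a submission that dropped the session cookie.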