Hackthebox: emdee five for life challenge is based on python scripting as how fast a request can be sent and stuff can be automated. For this challenge, I had to go through the forum threads on hackthebox because this challenge is pretty straight forward. You can’t be slow!
Let’s begin with the walkthrough:
Once you start the instance and enter the website. You will see a string which you have to encrypt with MD5 and submit.
So I did! Below is the response that I got…
Too Slow!
Well, I did try that a lot of times, but still got the same response.
I tried using Dirb, but it doesn’t gave much info.
I looked at the header using Burpsuite. I thought I can tweak PHPSESID somehow, but no luck on that.
So I searched around and checked the hackthebox forum for this level. I read a comment saying a “Python -> requests,hashlib,BeautifulSoup,Google ” and I created this script:
import hashlib
import requests
from bs4 import BeautifulSoup
url='http://docker.hackthebox.eu:30118'
s=requests.Session()
r =s.get(url)
if r.status_code == 200:
soup =BeautifulSoup(r.content, "html.parser")
fin=soup.find('h3')
tex=fin.text
h=hashlib.md5()
h.update(tex)
ha=h.hexdigest()
print(s.post(url,data={'hash':ha}).text)
The Above script gave me the flag!
Checkout hackthebox Grammer walkthrough post: http://www.anonhack.in/2020/03/hackthebox-grammar-walkthrough/