Welcome to my first Hack The Box blog! Today I will be covering one of the web challenges: Emdee Five for Life.
When I went to the web page of the target box, it told us to MD5 encrypt the random string shown and submit it through the input field.
So, I MD5ed the given string and submitted it; however, I got a “Too slow!” error message. I tried it a couple more times, but no matter how fast I tried to submit the encrypted string, I kept getting the same error (manpower is garbage at this point). I quickly realized that I must script this process so that I can submit the encrypted string as soon as I GET request the web page.
For this, I will be using Python and its
re is the regular expression library that we will use to select the random string from the web request.
#1 — GET Request
I created the following Python script to capture the GET request from the target box:
Nice. We can now successfully capture the GET request with our script. Our next step is to strip the unnecessary HTML content and split the random string out of it.
#2 — Strip HTML
The following script strips all the unnecessary HTML tags:
Sweet. All the garbage is gone, and now we just need to split the random string from the output.
#3 — Split the Random String
The following script retrieves the random string from the above output:
Nice! Now we can output only the random string. Our next step is to MD5 hash the string and submit it with a POST request.
#4 — MD5 Encrypt
We can use the hashlib library to hash our string:
Cool. Now our output is the MD5 hash. Our final stage is to submit this to our target server with a POST request. This will hopefully give us the flag.
#5 — POST Request
Before we continue scripting our exploit, we need to check the POST request parameters. We can simply achieve this using Burp Proxy:
So, when I captured the POST request of submitting the string, we can see that it is posted with the hash= parameter. Now we need to modify our exploit to submit the hashed string with the hash= parameter as a POST request.
Perfect! Our exploit script worked, and we were able to successfully retrieve the flag from the challenge. I’m pretty sure there are more elegant ways to solve this challenge; however, I wanted to show the thought process behind solving a CTF-style web challenge with simple scripting. :)
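The five steps above combined into one script, as an added example that is not the code from the original post. It uses only the standard library instead of a third-party HTTP client, and it assumes the page layout in SAMPLE_HTML, a random string that is an alphanumeric token of 16 or more characters, and a server that ties the string to a session cookie (so GET and POST go through one cookie-aware opener).

```python
import hashlib
import re
import sys
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

# Constructed sample page (assumed layout, not captured from the real box).
SAMPLE_HTML = (
    "<html><body><h1 align='center'>MD5 encrypt this string</h1>"
    "<h3 align='center'>Zx81QpLm02AbCdEfGh7K</h3>"
    "<form method='post'><input type='text' name='hash'></form></body></html>"
)


def strip_html(html):
    """Step 2: replace every tag with a space so only visible text remains."""
    return re.sub(r"<[^>]+>", " ", html)


def extract_string(html):
    """Step 3: pick the random string out of the visible text.
    Assumption: it is the first alphanumeric token of 16+ characters."""
    tokens = re.findall(r"\b[A-Za-z0-9]{16,}\b", strip_html(html))
    if not tokens:
        raise ValueError("no candidate string found in response")
    return tokens[0]


def md5_hex(value):
    """Step 4: MD5 is a hash, not encryption; the form takes the hex digest."""
    return hashlib.md5(value.encode()).hexdigest()


def solve(url, opener):
    """Steps 1-5: GET and POST through the same opener so cookies persist."""
    page = opener.open(url).read().decode()
    body = urllib.parse.urlencode({"hash": md5_hex(extract_string(page))})
    return opener.open(url, data=body.encode()).read().decode()


if __name__ == "__main__":
    if len(sys.argv) > 1:  # URL of your own challenge instance
        jar = urllib.request.HTTPCookieProcessor(CookieJar())
        print(strip_html(solve(sys.argv[1], urllib.request.build_opener(jar))))
    else:  # offline demo on the constructed sample
        print(md5_hex(extract_string(SAMPLE_HTML)))
```

Run without arguments it hashes the constructed sample; pass the instance URL as the first argument to run the full GET/POST cycle.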
I hope you enjoyed my writeup of the Emdee Five for Life web challenge! I will come back with more HTB writeups. Thank you!