
HackTheBox-Emdee five for life

2022-07-06 14:52:00 galaxy3000

summary

HackTheBox CTF range, Web category challenge "Emdee five for life" (challenge page: https://app.hackthebox.com/challenges/emdee-five-for-life). It mainly tests the ability to script web page access and form submission.


subject

Title Overview

The challenge hint is "Can you encrypt fast enough?". After spawning the challenge instance, it prompts you to visit 167.99.202.131:30306. Opening http://167.99.202.131:30306 shows the web interface below.
[Screenshot: the challenge page]
The page displays a random string and asks you to compute its MD5 hash and enter the hash value into the input box. There is a time limit: if the submission arrives too slowly, it fails.

Question answer

After trying it by hand: fetching the string, computing the MD5 manually and resubmitting always times out, so a script is needed. Python is used here, mainly with three libraries: requests, BeautifulSoup and hashlib.

import requests
from bs4 import BeautifulSoup
from hashlib import md5

url = 'http://167.99.202.131:30306/'

# One Session so the GET and the POST share the same cookies
with requests.Session() as session:
    with session.get(url) as rt:
        # The random string is the text of the page's <h3> element
        soup = BeautifulSoup(rt.text, 'html.parser')
        target_str = soup.find('h3').text
        # md5() needs bytes in Python 3, so the string must be encoded first
        md5_str = md5(target_str.encode()).hexdigest()
        args = {'hash': md5_str}
        # Submit the hash in the form field named 'hash'
        with session.post(url, data=args) as rt2:
            print(rt2.content)

  • requests is used to fetch the page with GET and submit the data with POST. The important point is to keep the same session, i.e. the random string and the hash value must belong to the same session; this is done with requests.Session().
  • BeautifulSoup parses the GET response and extracts the random string.
  • hashlib computes the MD5 hash of the random string.
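To show the whole exchange end to end without the live instance, here is an added, self-contained example (not the original post's code). It runs a minimal mock of the challenge server with the standard library: a GET issues a random string inside an `<h3>`, binds it to a session cookie and starts a timer; the POST is accepted only if the `hash` field matches and arrives within the time limit. The client side repeats the writeup's flow (same session, parse `<h3>`, MD5 of the encoded string, POST back) with `urllib` and `html.parser` instead of requests and BeautifulSoup. The cookie name `sid`, the one-second limit and the `FLAG{...}` value are constructed for the example, not taken from the real challenge.

```python
import hashlib
import html
import secrets
import threading
import time
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from html.parser import HTMLParser

TIME_LIMIT = 1.0                               # assumed limit for the mock server
FLAG = "FLAG{placeholder_not_the_real_flag}"   # constructed stand-in value
_sessions = {}                                 # sid -> (challenge string, issue time)


class MockChallenge(BaseHTTPRequestHandler):
    """Mock of the challenge: GET hands out a string, POST checks its MD5 in time."""

    def log_message(self, *args):  # keep the console quiet
        pass

    def _reply(self, text, extra_headers=()):
        body = text.encode()
        self.send_response(200)
        for name, value in extra_headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        sid = secrets.token_hex(8)
        challenge = secrets.token_urlsafe(15)
        _sessions[sid] = (challenge, time.monotonic())  # timer starts now
        page = (f"<html><body><h3>{html.escape(challenge)}</h3>"
                "<form method='post'><input name='hash'></form></body></html>")
        self._reply(page, [("Content-Type", "text/html"),
                           ("Set-Cookie", f"sid={sid}; Path=/")])

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        cookies = dict(p.strip().split("=", 1)
                       for p in self.headers.get("Cookie", "").split(";") if "=" in p)
        entry = _sessions.pop(cookies.get("sid", ""), None)  # single use per session
        if entry is None:
            reply = "No session"
        elif time.monotonic() - entry[1] > TIME_LIMIT:
            reply = "Too slow!"
        elif form.get("hash", [""])[0] == hashlib.md5(entry[0].encode()).hexdigest():
            reply = FLAG
        else:
            reply = "Wrong hash"
        self._reply(reply, [("Content-Type", "text/plain")])


class H3Grabber(HTMLParser):
    """Collects the text of the first <h3>, like BeautifulSoup's find('h3').text."""

    def __init__(self):
        super().__init__()
        self.in_h3 = False
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag == "h3" and not self.parts:
            self.in_h3 = True

    def handle_data(self, data):
        if self.in_h3:
            self.parts.append(data)

    def handle_endtag(self, tag):
        if tag == "h3":
            self.in_h3 = False


def extract_challenge(page_html):
    parser = H3Grabber()
    parser.feed(page_html)
    return "".join(parser.parts).strip()


def solve(base_url, delay=0.0):
    """GET the page, hash the <h3> string and POST it back within the same cookie session."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    with opener.open(base_url) as resp:
        challenge = extract_challenge(resp.read().decode())
    digest = hashlib.md5(challenge.encode()).hexdigest()  # md5 needs bytes
    time.sleep(delay)  # a non-zero delay simulates a slow, manual submission
    data = urllib.parse.urlencode({"hash": digest}).encode()
    with opener.open(base_url, data=data) as resp:
        return resp.read().decode()


def start_mock_server():
    server = ThreadingHTTPServer(("127.0.0.1", 0), MockChallenge)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/"


if __name__ == "__main__":
    server, url = start_mock_server()
    print("fast submission:", solve(url))
    print("slow submission:", solve(url, delay=TIME_LIMIT + 0.5))
    server.shutdown()
```

The `delay` parameter reproduces the failure the writeup describes: the same correct hash is rejected once it arrives after the limit, and because the server drops the session entry on first use, a second attempt with the old string cannot succeed either, which is why the fetch, hash and submit must all happen in one scripted session.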

Run the script; the returned result contains the flag.

[Screenshot: script output containing the flag]

Original site

Copyright notice
This article was written by [galaxy3000]; when reposting, please include the original link. Thanks.
https://yzsam.com/2022/02/202202131338235503.html