HackTheBox-Emdee five for life
2022-07-06 14:52:00 【galaxy3000】
Summary
Emdee five for life is a Web challenge from the HackTheBox CTF range, at https://app.hackthebox.com/challenges/emdee-five-for-life. It mainly tests the ability to script Web page access and data submission.
Challenge
Challenge overview
The challenge hint is "Can you encrypt fast enough?". After starting the challenge instance, you are told to visit 167.99.202.131:30306. Visiting http://167.99.202.131:30306 shows the challenge's Web page.
The page gives a random string. The task is to take this string, compute its MD5 hash, and fill the hash value into the input box. There is a time limit: if the submission is too slow, it fails.
Solution
Trying it by hand shows that computing the MD5 manually and then submitting always times out, so a script is needed. Python is used here, mainly with three libraries: requests, BeautifulSoup and hashlib.
import requests
from bs4 import BeautifulSoup
from hashlib import md5

url = 'http://167.99.202.131:30306/'

# One Session so the GET and the POST share the same cookies
with requests.Session() as session:
    with session.get(url) as rt:
        soup = BeautifulSoup(rt.text, 'html.parser')
        # The random string is in the page's <h3> element
        target_str = soup.find('h3').text
    # md5() requires bytes, so encode the string first
    md5_str = md5(target_str.encode()).hexdigest()
    args = {'hash': md5_str}
    with session.post(url, data=args) as rt2:
        print(rt2.content)
- The requests library fetches the site with GET and submits the data with POST. Note that the same session must be kept, that is, the random string and the hash value must stay in the same session; this is done with requests.Session().
- BeautifulSoup parses the GET result and extracts the random string.
- hashlib computes the MD5 hash of the random string.
Run the script; the returned result contains the flag.
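Why the same session and the time limit both matter can be seen from a small model of the server side. This is an added example, not code from the original post or from HackTheBox: the ChallengeServer class, the session ids and the TIME_LIMIT value are assumptions made for illustration, since the post does not show how the real server works.

```python
import hashlib
import secrets

TIME_LIMIT = 2.0  # seconds; assumed value, the post does not state the real limit


class ChallengeServer:
    """Hypothetical in-memory model of the challenge's server side."""

    def __init__(self):
        self._pending = {}  # session id -> (challenge string, issue time)

    def get_page(self, session_id, now):
        # Every GET issues a fresh random string bound to that session.
        challenge = secrets.token_hex(10)
        self._pending[session_id] = (challenge, now)
        return challenge

    def post_hash(self, session_id, submitted, now):
        # A POST is only checked against the string issued to the same session.
        entry = self._pending.pop(session_id, None)
        if entry is None:
            return "no challenge for this session"
        challenge, issued = entry
        if now - issued > TIME_LIMIT:
            return "too slow"
        expected = hashlib.md5(challenge.encode()).hexdigest()
        if not secrets.compare_digest(expected, submitted):
            return "wrong hash"
        return "ok"


def solve(challenge):
    # Same computation as the client script: MD5 over the encoded string.
    return hashlib.md5(challenge.encode()).hexdigest()


def demo():
    server = ChallengeServer()
    results = {}
    c = server.get_page("session-A", now=0.0)
    results["same session, fast"] = server.post_hash("session-A", solve(c), now=0.1)
    c = server.get_page("session-A", now=10.0)
    results["other session"] = server.post_hash("session-B", solve(c), now=10.1)
    results["manual, slow"] = server.post_hash("session-A", solve(c), now=40.0)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
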