INTRO
It is my first write up for an HTB challenge. When I saw this challenge, the solution immediately popped up on my mind. It was quite simple. cause I know basic python. It can be simply done. If you have the basic knowledge of Python and its modules such as re, bs4, hashlib and requests
.
By the way, I am using Visual Studio here to code.
If you don’t know about these modules, I would like to suggest their documentation:
re (Regular expression) – Click Here
bs4(Beautiful soup) – Click Here
hashlib – Click Here
requests – Click Here
you can choose one between re and bs4. But I am going to use bs4 for this tutorial. and I will also recommend this.
some people said to me that python can be slow for such challenge and I admit it. but if you are not trying to do it the wrong way then how can you expect to learn anything. because you are not making any mistakes.
ATTACK
First, we will start the challenge and visit the URL, you are given. it is showing a string. and above that, a line is saying
”’     MD5 encrypt this string   ”’
Screenshot:
here you can see the most important thing “input field”. so let’s do as the website says. we will copy the string, convert it into md5 hash, paste it in the input field and then we will press “submit”.
now you will see that the page is saying something like “Too Slow!“. no matter how fast you try to input the md5 string you will get the same error again and again.
now we have a way to make it faster. we will create a python script to do the same thing that we were doing but this time, we have a chance to get the flag somehow.
   Script
we will import some modules which are very necessary for this script.
import requests from bs4 import BeautifulSoup import hashlib
The requests module is to make GET and POST requests. we have also imported the BeautifulSoup. it will work as a web scraping module in this script. and the hashlib is a library that will encrypt the given string.
now, make a variable which will hold the URL value.
URL =Â "http://docker.hackthebox.eu:30380"
After that, we will define a function in which our script will visit the URL and get the value of the string and then it will convert it into md5 hash. and then it will insert that string as in “input field”. I would recommend you to do this yourself because I have told you everything, you need to know to make this script.
def take_url(): ''' it will take url and return the key value to be hashed ''' global newurl global hashvalue r =requests.session() oldurl = r.get(url) res = BeautifulSoup(oldurl.content, "html5lib") headline = (res.h3).get_text() hashvalue=(hashlib.md5(str(headline).encode())).hexdigest() data1 = {"hash":f"{hashvalue}"} newurl = r.post(url,data=data1)
we have defined the function as take_url
with a docstring. after that, we have defined some global variables. you will know why I have done this. then there is a requests .session().
oldurl
is making a GET request to the URL because we are not submitting any data now. we will use it just to get the string that is going to be an MD5 string.
To get the string, I have used the BeautifulSoup
. it is extracting the headline(h3) from the source code of the web page.
then we have used get_text()
function to remove all the tags and unwanted chars from the res
variable. now, we have a clear string. after that, we can make it an MD5 string. the value of the hash is stored in hashvalue.
Its time to capture the request that we are sending to the webserver. to capture the request, we can use Burpsuite. You will see that there is hash
value parameter. it is taking the value that we are submitting in “input field”.
we have defined a data variable above. it has an f-string in it(hashvalue).
and in the end, we have made a POST request. because we have something to send to the server.
now all you need to call the function. you can do it in a loop. I thought that it may work after some outputs. but you can just call it once. it will give you the flag.
while True: take_url() print(newurl.text)
It could be done via any other programming language like Perl, Ruby and Bash. bash scripting can be so fast. I would try bash scripting if the python would not work. then it would be the only way left to do this challenge.
Stay home, stay safe and keep reading our articles.
Thanks For Visiting