Home Hack The Box HTB Challenge : Emdee five for life | Web Scraping With Python

Hack The Box

HTB Challenge : Emdee five for life | Web Scraping With Python

April 21, 2020

2453

INTRO

It is my first write up for an HTB challenge. When I saw this challenge, the solution immediately popped up on my mind. It was quite simple. cause I know basic python. It can be simply done. If you have the basic knowledge of Python and its modules such as re, bs4, hashlib and requests.

By the way, I am using Visual Studio here to code.

If you don’t know about these modules, I would like to suggest their documentation:

re (Regular expression) – Click Here

bs4(Beautiful soup) – Click Here

hashlib – Click Here

requests – Click Here

you can choose one between re and bs4. But I am going to use bs4 for this tutorial. and I will also recommend this.

some people said to me that python can be slow for such challenge and I admit it. but if you are not trying to do it the wrong way then how can you expect to learn anything. because you are not making any mistakes.

ATTACK

First, we will start the challenge and visit the URL, you are given. it is showing a string. and above that, a line is saying

”’ MD5 encrypt this string ”’

Screenshot:

here you can see the most important thing “input field”. so let’s do as the website says. we will copy the string, convert it into md5 hash, paste it in the input field and then we will press “submit”.

now you will see that the page is saying something like “Too Slow!“. no matter how fast you try to input the md5 string you will get the same error again and again.

now we have a way to make it faster. we will create a python script to do the same thing that we were doing but this time, we have a chance to get the flag somehow.

Script

we will import some modules which are very necessary for this script.

import requests
from bs4 import BeautifulSoup
import hashlib

The requests module is to make GET and POST requests. we have also imported the BeautifulSoup. it will work as a web scraping module in this script. and the hashlib is a library that will encrypt the given string.

now, make a variable which will hold the URL value.

URL =  "http://docker.hackthebox.eu:30380"

After that, we will define a function in which our script will visit the URL and get the value of the string and then it will convert it into md5 hash. and then it will insert that string as in “input field”. I would recommend you to do this yourself because I have told you everything, you need to know to make this script.

def take_url():
    '''
    it will take url and return the key value to be hashed 
    '''
    global newurl
    global hashvalue
    r =requests.session()
    oldurl = r.get(url)

    res = BeautifulSoup(oldurl.content, "html5lib")
    headline = (res.h3).get_text()
    hashvalue=(hashlib.md5(str(headline).encode())).hexdigest()
    data1 = {"hash":f"{hashvalue}"}
    newurl = r.post(url,data=data1)

we have defined the function as take_url with a docstring. after that, we have defined some global variables. you will know why I have done this. then there is a requests .session().

oldurl is making a GET request to the URL because we are not submitting any data now. we will use it just to get the string that is going to be an MD5 string.

To get the string, I have used the BeautifulSoup. it is extracting the headline(h3) from the source code of the web page.

then we have used get_text() function to remove all the tags and unwanted chars from the res variable. now, we have a clear string. after that, we can make it an MD5 string. the value of the hash is stored in hashvalue.

Its time to capture the request that we are sending to the webserver. to capture the request, we can use Burpsuite. You will see that there is hash value parameter. it is taking the value that we are submitting in “input field”.

we have defined a data variable above. it has an f-string in it(hashvalue).

and in the end, we have made a POST request. because we have something to send to the server.

now all you need to call the function. you can do it in a loop. I thought that it may work after some outputs. but you can just call it once. it will give you the flag.

while True:
    take_url()
    print(newurl.text)

It could be done via any other programming language like Perl, Ruby and Bash. bash scripting can be so fast. I would try bash scripting if the python would not work. then it would be the only way left to do this challenge.

Stay home, stay safe and keep reading our articles.

Thanks For Visiting

How To Fix Error: Externally-Managed-Environment In Python (Kali Linux)

Understanding Systemctl Command in Linux (Practical)

Macros in docm & Linux memory dump| Hack The Boo …

Android Apps debugging | Frida, JADX, Genymotion

HTB Challenge : Emdee five for life | Web Scraping With Python

”’ MD5 encrypt this string ”’

LEAVE A REPLY Cancel reply

Connect With Us

Popular

How To Hack MySpace By Phishing (Working)

How To Perform Brute-Force on Facebook Easily

How to enable RDP in Linux | XRDP, SSH

How To Crack WinRAR | Reverse Engineering

KDE VS XFCE | which one is better

How To Edit a Text file in Windows Powershell

How To Fix Error: Externally-Managed-Environment In Python (Kali Linux)

How to extract information from .DMP files

TELNET & FTP Analysis