Home Emdee five for life [WEB][EASY] Writeup
Post
Cancel

Emdee five for life [WEB][EASY] Writeup

Posted Mar 21, 2021 Updated Aug 27, 2022
By Arijit Bhowmick
2 min read

HTB Img

Challenge Description

Challenge Details

Can you encrypt fast enough?

SOLUTION

Click on the Start Instance button to start the challenge.

Then you are provided with an website's address copy it and open it in another tab or browser.
In my case it was http://188.166.168.204:32270

Homepage of the Webapp :

homepage

The webapp ask us to hash a given string, with MD5 and submit it in the provided textbox.
If we are going to manually convert the string in MD5 hash and submit it, then it will
give a response string as Too slow!.

So, to solve this challenge I thought of making an automation script with python3.

But for that I have to analyze the source-code of the webpage and modify it to extract the required information.

Source-Code of the Webpage

webpage_source-code

After analyzing the source code of the webpage, I thought of using requests module in python3 to get the source-code from the webpage. Then with some modifications in the source-code, I am going to get the required string.

POST Request :

post_request

For analyzing the POST request that the webapp is sending toe the server, I am using Burpsuite.
In my case it is Burp Suite Community Edition v2021.2.1
I have analyzed the post request and found that there is a variable named as hash= where the hash is to be mentioned and send to the server.

Scripting

EXPLOIT Code:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57

# ARIJIT BHOWMICK [sys41x4]

import requests
import hashlib

site = "http://188.166.168.204:32270"

req = requests.session()

r = req.get(site)

identifying_string = "<h1 align=\'center\'>MD5 encrypt this string</h1><h3 align=\'center\'>"

page_source_ = r.text

def re_request_sender(plain_source):

	global page_source

	if (identifying_string in plain_source):
		for line in page_source:

			if (identifying_string in line):
				string_lst = line.replace(identifying_string, "").split("</h3>")

				string_to_encode = string_lst[0]
				response_string = string_lst[1].replace("<center><form action=\"\" method=\"post\">", "").replace("<p align=\'center\'>", "").replace("</p>","")

				print(f"STRING_TO_ENCODE = {string_to_encode}   |   RESPONSE_STRING = {response_string}")

				if response_string.startswith("HTB{"):

					exit()
				else:
				
					md5_hash = hashlib.md5(string_to_encode.encode()).hexdigest()

					break
			else:
				continue

		

		crafted_data = {"hash":md5_hash}


		r = req.post(site, data=crafted_data)

		return r.text




while True:

	page_source = page_source_.split('\n')
	page_source_ = re_request_sender(page_source_)

Here, the exploit code for this challenge will get the source-code of the provided web_address at site variable, and POST the MD5 hash that is provided by the Webapp.

Change http://188.166.168.204:32270, with what the web_address you are provided with.

The exploit script will output :
STRING_TO_ENCODE = <String to encode> | RESPONSE_STRING = <Response string from server>

For example, If the webapp provides a string AORErZSAyqSNn3uNeZyK to hash with MD5.
Then, the assumed output will be:

STRING_TO_ENCODE = AORErZSAyqSNn3uNeZyK | RESPONSE_STRING = Too slow!

The Value of RESPONSE_STRING vary about what the webapp provide us

If the RESPONSE_STRING starts with HTB{ then the script will exit, and we are going to have the Flag.

exploit

This is how, I solved this challenge.

Thankyou, for reading my writeup :)
Hope, I would see you in my next writeup.

Support Me if you want to.

CTF Platform, HackTheBox
HackTheBox Easy Emdee five for life Web Challenge writeup Burp python3 python
This post is licensed under CC BY 4.0 by the author.
Recently Updated
Contents