Emdee five for life HackTheBox Walkthrough
Introduction
Hello guys, back again with another walkthrough. This time we are going to be teaching a little bit of scripting with Python while solving a web challenge on the HackTheBox platform called Emdee five for life.
The challenge begins by asking you if you can encrypt fast enough.
On viewing the webpage we get a text that we are supposed to encrypt using MD5, and we have to send the computed hash. Nice, let's use our terminal and convert the string to an MD5 hash.
Let’s submit the hash and probably get the points since it’s an easy box
On submitting the hash we get a message saying we were too slow, and no matter how fast I tried computing the hash I always got a message saying I was too slow. Next I thought about automation, and a programming language that I am fluent in is Python. Python is a really good programming language when it comes to automation. The next thing I needed to know was which modules were necessary to perform the task effectively:
- requests module: to communicate with the web application via a GET or a POST request
- re module: to grab a string from the webpage
- hashlib module: to compute the MD5 hash of a string
- sys module: allows us to exit the script
- cmd module: provides the prompt used to enter the URL that the Python script will use
Some of the modules I've mentioned above aren't really necessary, but they make the script work more efficiently.
So let’s craft our skeleton script
I created a class and called it Terminal. It takes user input and passes that input to a function called cracker, which I will create later.
The function cracker will be the main function, containing the code that will exploit the web application. Let's begin creating the function cracker.
Looking at the screenshot above, first I created a sess variable that will save any session cookie if one is present; this comes in handy in web applications that have an authentication mechanism. Then I coded a line that validates whether the supplied URL exists, and if it doesn't the script will exit gracefully with a warning. Let's try running the program and see what happens.
When we supply a URL that exists we see that the program works, but when the supplied URL is bogus we see that the program exits gracefully. The logic works fine. The next thing I needed to do was to connect to the web application and grab the string which I am supposed to hash. This is where the regular expression module (re) comes in handy, since we can tell the script to use a particular pattern that is found on the web page to search for the string we are supposed to encrypt.
Looking at the web page we are going to use the following pattern
Now let's save the script and run it again.
And voila, from the screenshot above we have successfully extracted the string from the webpage. Next we are supposed to hash it using md5 from the hashlib module,
using the command:
from hashlib import md5
encrypted = md5(string.encode()).hexdigest()
Let’s save the program and run it again
Looking at the screenshot above we have an MD5 hash already generated; now the only thing remaining is to submit the hash. To find out the POST or GET parameter being used I intercepted a request using Burp Suite.
Looking at the Burp Suite request below we see that it uses the POST method and a parameter called hash.
Let’s add this to our script.
Let’s run it again
And after running it a couple of times we have the flag
Let’s use regular expressions to extract the flag
Let’s save the script and run it again
And as you can see in the above screenshot we have the flag
But the script was still not perfect. Sometimes, if the script was a little slow, we could get a false negative saying that the script wasn't working even though the script was OK.
I added a for loop that would execute the script 11 times until it got the flag, using the code below.
And executing the script again you can see below that it works perfectly
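The steps above, put together as an added example (not the author's script, whose screenshots are not reproduced here): it fetches the string and posts its MD5 in the `hash` field through the same session, retrying up to 11 times. The `<h3>` pattern, the `HTB{...}` flag pattern, `FakeSession` and the URL are assumptions constructed so the block runs offline; a `requests.Session()` offers the same `get`/`post` calls.

```python
import hashlib
import re
import secrets
from types import SimpleNamespace as Resp  # minimal object with a .text attribute

# Assumed markup and flag format; the page's own patterns are not shown.
CHALLENGE_RE = re.compile(r"<h3[^>]*>([^<]+)</h3>")
FLAG_RE = re.compile(r"HTB\{[^}]*\}")


class FakeSession:
    """Constructed stand-in for requests.Session(); its state models the cookie."""

    def __init__(self, slow_replies=0):
        self.current = None
        self.slow_replies = slow_replies  # number of "too slow" answers to simulate

    def get(self, url):
        self.current = secrets.token_hex(10)  # fresh string on every page load
        return Resp(text=f"<h3 align='center'>{self.current}</h3>")

    def post(self, url, data):
        expected = hashlib.md5(self.current.encode()).hexdigest()
        if self.slow_replies > 0:
            self.slow_replies -= 1
            return Resp(text="<p>Too slow!</p>")
        if data.get("hash") != expected:
            return Resp(text="<p>Wrong hash</p>")
        return Resp(text="<p>HTB{constructed_placeholder}</p>")


def solve(session, url, attempts=11):
    """Return (flag, attempts_used); flag is None if every attempt failed."""
    for attempt in range(1, attempts + 1):
        # GET and POST go through the same session, so the cookie ties them together.
        match = CHALLENGE_RE.search(session.get(url).text)
        if match is None:
            raise ValueError("challenge string not found; check the pattern")
        digest = hashlib.md5(match.group(1).encode()).hexdigest()
        reply = session.post(url, data={"hash": digest}).text
        flag = FLAG_RE.search(reply)
        if flag:
            return flag.group(0), attempt
    return None, attempts


if __name__ == "__main__":
    print(solve(FakeSession(slow_replies=2), "http://challenge.invalid/"))
```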
Finally the script is done and looks nice and efficient. The challenge is still active, but when the challenge retires I will release this writeup and also a link to my GitHub page containing the Python script. I hope you guys enjoyed the walkthrough; if so, clap for me down below and follow me so that you won't miss any upcoming articles.