HackTheBox challenge web Emdee five for life

Purpose

Solving web challenge (Emdee five for life) from Hackthebox.eu
It is not really a hacking challenge but a coding challenge ;)

Reconnaissance

Access the web page give us this page

Screen

We need to encrypt hash the text very fast.

Get information of the query with Burp:
Burp
We see that the page have a session. So we need to store this information before we send the query back.

Step to solve the challenge:

  • grep the page and the session
  • extract the value to hash
  • hash the value
  • send it back to the server with the session ID

Lets code this

It is possible to code this in several languages.
Try it in python3

Spoiler warning 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
import requests
import hashlib
import re


url = "http://134.209.29.219:31621/"
pattern = r'<h3 align=\'center\'>([0-9a-zA-Z]{1,})</h3><center>'

s = requests.session()
r = s.get(url)
if r.status_code == 200:
    #print("# HTML code page:")
    #print(r.text)
    m = re.search(pattern,r.text)

    if m.group(1):
        #print("# Extract value [{}]".format(m.group(1)))
        md5_value = hashlib.md5(m.group(1)).hexdigest()
        #print("# MD5 value [{}]".format(md5_value))

        x = s.post(url, data = {'hash': md5_value, 'submit': 'Submit'})
        print(x.text)

    else:
        print("regex error")

else:
    print("http error")

output
Shell output

Bash online

Just for the fun, and to show that bash is often helpfull :)

Spoiler warning 
1
curl -s -q -b /tmp/cookies.txt -d hash=$(echo -ne $(curl -q -s -c /tmp/cookies.txt http://134.209.29.219:31637/ | grep -oE "[0-9a-zA-Z7]{20}") | md5sum | awk '{print $1}') http://134.209.29.219:31637 | grep -oE "HTB{.*}"