[20 Points] Emdee five for life [by L4mpje]
问题描述:
Can you encrypt fast enough?
初始页面,不管怎么样点击Submit都会显示"Too slow!"
依据Html源码,编写Python脚本进行利用
import requests import hashlib import re url="http://docker.hackthebox.eu:34650/" r=requests.session() out=r.get(url) rr = re.compile(r"<h3 align='center'>(S+)</h3>", re.I) str1 = rr.findall(out.text) str2=hashlib.md5(str1[0].encode('utf-8')).hexdigest() data={'hash': str2} out = r.post(url = url, data = data) print(out.text)
Run result
<html>
<head>
<title>emdee five for life</title>
</head>
<body style="background-color:powderblue;">
<h1 align='center'>MD5 encrypt this string</h1><h3 align='center'>JBUxqcV4rWsw17043rxv</h3><p align='center'>HTB{N1c3_ScrIpt1nG_B0i!}</p><center><form action="" method="post">
<input type="text" name="hash" placeholder="MD5" align='center'></input>
</br>
<input type="submit" value="Submit"></input>
</form></center>
</body>
</html>
[20 Points] Fuzzy [by Arrexel]
问题描述:
We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing.
初始页面为一个静态页面
发现没有什么可利用的点直接进行站点Fuzz
Start
Fuzz可以看出来存在目录api并且api下面还有一个php文件
尝试访问 /api/action.php 发现缺少Parameter
接下来Fuzz Parameter
Start
Fuzz到参数reset
最后Fuzz ID
Start
End,Fuzz
