## Em Dee Five for Life
We start the instance.
The page gives us a string and asks for its md5sum as input. After we input the md5sum of the string, computed in our terminal, we get a response of too slow.
So to make the response fast, we can write a simple Python script. First, we intercept the POST request to the page in Burp Suite to check how the md5 hash is passed, and find that it is passed as raw data.
Now, we write our script.
```python
#!/usr/bin/env python
from __future__ import print_function
import requests
import re
import hashlib
import os

# We set up our proxy here to pass our requests through Burp Suite for checking
#---------------------------------------------------------------------------------
proxy = '127.0.0.1:8080'
# os.environ['http_proxy'] = proxy
# os.environ['HTTP_PROXY'] = proxy
# os.environ['https_proxy'] = proxy
# os.environ['HTTPS_PROXY'] = proxy

# Here, we make the GET request to get our initial page requesting the md5
# by creating a session, as we need to post our response to the same session
#---------------------------------------------------------------------------------
url = "http://docker.hackthebox.eu:31405"
req = requests.Session()
page = req.get(url)
# Use the decoded text (not raw bytes) so the str regex below also works on Python 3
text = page.text
print(text)

# We use a Python regex to separate our hash out of the html file; we can
# find the regex by analyzing the whole html file first.
#---------------------------------------------------------------------------------
x = re.findall("<h3 align='center'>(.*)</h3>", text)[0]
x = x.rstrip()
# print("hash: " + x)
# print(s)

# We find the md5sum of the supplied string and pass it as data to a POST
# request made to the session
#---------------------------------------------------------------------------------
# hashlib needs bytes, so encode the string before hashing
emd5 = hashlib.md5(x.encode()).hexdigest()
# print("md5sum: " + emd5)
payload = dict(hash=emd5)
response = req.post(url, data=payload)

# And here we get the response back and get the flag out
#---------------------------------------------------------------------------------
# print(response.text)
flag = re.findall("<p align='center'>(.*)</p>", response.text)[0]
print("flag: " + flag)
```
And we get our flag.