___               _   ___   ___ 
|  _|_____ ___ ___| |_|_  | |  _|
|  _|     | .'|_ -|   |_| |_| . |
|_| |_|_|_|__,|___|_|_|_____|___|
                 u/fmash16's page

## Em Dee Five for Life

We start the instance.

The page gives us a string and asks for its md5sum as input. After we input the md5sum of the string, computed in our terminal, we get a response of "too slow".

So, to make the response fast, we can write a simple Python script. First, we intercept the POST request to the page in Burp Suite to check how the md5 hash is passed, and find that it is passed as raw data.

Now, we write our script.

```python
#!/usr/bin/env python

from __future__ import print_function
import requests
import re
import hashlib
import os

# We set up our proxy here to pass our requests through Burp Suite for checking
#---------------------------------------------------------------------------------
proxy = '127.0.0.1:8080'

#  os.environ['http_proxy'] = proxy
#  os.environ['HTTP_PROXY'] = proxy
#  os.environ['https_proxy'] = proxy
#  os.environ['HTTPS_PROXY'] = proxy


# Here, we make the GET request to get our initial page requesting the md5
# by creating a session, as we need to post our response to the same session
#---------------------------------------------------------------------------------
url = "http://docker.hackthebox.eu:31405"

req = requests.Session()
page = req.get(url)
# Use the decoded text rather than the raw bytes so the str regex below
# works on Python 3 as well as Python 2
text = page.text
print(text)


# We use a Python regex to separate the string to hash out of the HTML; we can
# find the regex by analyzing the whole HTML file first.
#---------------------------------------------------------------------------------
x = re.findall("<h3 align='center'>(.*)</h3>", text)[0]
x = x.rstrip()

# print("hash: " + x)


# We find the md5sum of the supplied string and pass it as data to a POST
# request made to the session
#---------------------------------------------------------------------------------
# hashlib.md5() needs bytes, so encode the string first
emd5 = hashlib.md5(x.encode()).hexdigest()

# print("md5sum: " + emd5)

payload = dict(hash=emd5)

response = req.post(url, data=payload)

# And here we get the response back and get the flag out
#---------------------------------------------------------------------------------
# print(response.text)

flag = re.findall("<p align='center'>(.*)</p>", response.text)[0]
print("flag: " + flag)
```

And we get our flag.