Hack The Box Web Pentest 2019

Qftm發表於2019-07-30

[20 Points] Emdee five for life [by L4mpje]

問題描述:

 Can you encrypt fast enough? 

初始頁面,不管怎麼樣點選Submit都會顯示"Too slow!"

 依據Html原始碼,編寫Python指令碼進行利用

import requests
import hashlib
import re

url="http://docker.hackthebox.eu:34650/"

r=requests.session()
out=r.get(url)

rr = re.compile(r"<h3 align='center'>(\S+)</h3>", re.I)
str1 = rr.findall(out.text)
str2=hashlib.md5(str1[0].encode('utf-8')).hexdigest()

data={'hash': str2}
out = r.post(url = url, data = data)

print(out.text)

Run result

<html>
<head>
<title>emdee five for life</title>
</head>
<body style="background-color:powderblue;">
<h1 align='center'>MD5 encrypt this string</h1><h3 align='center'>JBUxqcV4rWsw17043rxv</h3><p align='center'>HTB{N1c3_ScrIpt1nG_B0i!}</p><center><form action="" method="post">
<input type="text" name="hash" placeholder="MD5" align='center'></input>
</br>
<input type="submit" value="Submit"></input>
</form></center>
</body>
</html>

[20 Points] Fuzzy [by Arrexel]  

問題描述:

We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing. 

初始頁面為一個靜態頁面

發現沒有什麼可利用的點直接進行站點Fuzz

Start

Fuzz可以看出來存在目錄api並且api下面還有一個php檔案

嘗試訪問 /api/action.php 發現缺少Parameter

 

接下來Fuzz Parameter

Start

 

 Fuzz到引數reset

最後Fuzz ID

Start

End,Fuzz

相關文章