[20 Points] Emdee five for life [by L4mpje]
Challenge description:
Can you encrypt fast enough?
On the initial page, clicking Submit always returns "Too slow!", no matter what.
Based on the HTML source, write a Python script to solve it:
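```python
import hashlib
import re

import requests

url = "http://docker.hackthebox.eu:34650/"

# Reuse one session so any cookies set by the first response accompany the POST
session = requests.session()
out = session.get(url)

# Extract the string to hash from the <h3> element of the page
pattern = re.compile(r"<h3 align='center'>(\S+)</h3>", re.I)
challenge = pattern.findall(out.text)[0]

# Submit the MD5 hex digest in the 'hash' form field
digest = hashlib.md5(challenge.encode('utf-8')).hexdigest()
out = session.post(url=url, data={'hash': digest})
print(out.text)
```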
Run result
<html> <head> <title>emdee five for life</title> </head> <body style="background-color:powderblue;"> <h1 align='center'>MD5 encrypt this string</h1><h3 align='center'>JBUxqcV4rWsw17043rxv</h3><p align='center'>HTB{N1c3_ScrIpt1nG_B0i!}</p><center><form action="" method="post"> <input type="text" name="hash" placeholder="MD5" align='center'></input> </br> <input type="submit" value="Submit"></input> </form></center> </body> </html>
[20 Points] Fuzzy [by Arrexel]
Challenge description:
We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing.
The initial page is a static page.
Finding nothing exploitable on it, fuzz the site directly.
Start
The fuzz results show a directory named api, with a PHP file under it.
Visiting /api/action.php shows that a parameter is missing.
Next, fuzz the parameter.
Start
Fuzzing finds the parameter reset.
Finally, fuzz the ID.
Start
End,Fuzz
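From the defender's side, the three fuzzing stages above (paths, parameter names, ID values) leave a recognisable pattern in web access logs. The following is an added example, not part of the original writeup: the function name, thresholds, IP addresses and log lines are constructed, it assumes the ID is passed as the value of reset, and it counts over all supplied lines rather than a time window.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined-log-format prefix: client, request line, status code
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

def detect_fuzzing(lines, max_404=20, max_values=10):
    """Return {client_ip: [findings]} for clients exceeding either threshold (hypothetical values)."""
    not_found = defaultdict(set)   # ip -> distinct paths answered with 404
    values = defaultdict(set)      # (ip, path, param) -> distinct values sent
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue               # skip anything that is not an access-log entry
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if status == 404:
            not_found[ip].add(url.path)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            values[(ip, url.path, name)].add(value)
    findings = defaultdict(list)
    for ip, paths in not_found.items():
        if len(paths) > max_404:
            findings[ip].append(f"content discovery: {len(paths)} distinct 404 paths")
    for (ip, path, name), seen in values.items():
        if len(seen) > max_values:
            findings[ip].append(f"value enumeration: {path}?{name}= ({len(seen)} values)")
    return dict(findings)

def entry(ip, target, status):
    """Build one constructed log line."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {target} HTTP/1.1" {status} 24'

# Constructed traffic: one client sweeping paths and reset values, one ordinary visitor
SAMPLE = (
    [entry("198.51.100.7", f"/dir{i}", 404) for i in range(40)]
    + [entry("198.51.100.7", f"/api/action.php?reset={i}", 200) for i in range(1, 31)]
    + [entry("192.0.2.10", "/index.html", 200),
       entry("192.0.2.10", "/api/action.php?reset=3", 200),
       entry("192.0.2.10", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, found in detect_fuzzing(SAMPLE).items():
        print(ip, found)
```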