Emdee five for life

Comments

  • Hi everyone! I've got the flag with "request", "hashlib" and "re". But, in the first place, I tried with BeautifulSoup instead of "re" and it's not working.
    I'd like to figure out why, can someone contact me in private? :smile:

  • Has anyone successfully completed this with a bash script? It runs quickly but I must be missing something essential.

  • @taylnick said:

    Has anyone successfully completed this with a bash script? It runs quickly but I must be missing something essential.

    I guess curl is just slow compared to python. I thought it didn't work because of the use of cookies but I didn't test further.

    Deleite

  • Small hint. Use hexdigest().....

  • @taylnick said:

    Has anyone successfully completed this with a bash script? It runs quickly but I must be missing something essential.

    Just solved it using bash/curl :blush: Script runtime ~250ms
    Was a bit of a pain in the a**, as I started on macOS and then ported the script to Kali, but some "macOS specialities" broke the script there in just too many ways ;-)
    So, in the end I did a lot of debugging using Wireshark, to get it working. Big thanks for that tip anyway (was mentioned somewhere here before), I really can just recommend it.

  • Although I found the flag using Python, I am really interested in the solution in bash using curl, sed and md5sum. I just can't seem to get it fast enough, or I made an error somewhere...

  • good early challenge for scripting.

  • edited August 2019

    I tried to get the answer using a bash terminal, but I can't seem to get it to work.
    curl (get) > grep > cut > md5sum > awk > curl (post)

    The GET curl has the -c cookie jar, and the POST curl has the -b cookie flags

    Edit: Just tried timing the bash script and it takes .44s, so I'm assuming that's why I'm getting "too slow" :neutral:

  • I finally did it! Learnt a lot about Python and BeautifulSoup.

  • one extra space character cost me several hours in my bash script :( but got there in the end :smile:

    CurioCT

  • just completed using plain old javascript :P

  • for php script, it's slow, but good enough
    real 0m0.588s
    user 0m0.001s
    sys 0m0.022s

  • Got the flag. Nice challenge, got to practice requests which I hadn't done much of in python.

  • Spoiler Removed

  • When writing a python script, remember that the data goes as dictionary in the POST request, not as a string with "hash=value"

  • If you are doing it on the command line and are sure you are doing it correctly, just keep trying, because I was getting too slow, and then finally got it, so it must be right on the edge of whatever the timer is.

    Hilbert

  • I wrote it in php, very simple but had to use a vps as my home connection was just too slow.

  • The question is how to tell whether the problem is in the connection or in the data that I send. I wrote 2 scripts, in Ruby and Crystal, and both fail. Maybe something is wrong with my hash, but I only get Too Slow =(

  • Can I dm someone for a hint? I'm still 'too slow', but I think I've crossed off the following:

    • Sending proper md5 digest
    • Keeping connection open
    • Biscuits

  • @TedLogan89 I cooked up a Python script for this challenge - I'm not a Python expert in any way, but found enough info by scanning through some Stack Overflow threads (and the documentation they pointed to) to get the job done.

  • edited February 19

    I'm using a bash script with curl, md5sum and egrep.. yet I'm unable to make it on time!
    (and yes... I'm including the cookies in the POST)

    This is the time it takes me to get the initial page:

    [email protected]:/# time curl -s  docker.hackthebox.eu:30638 -o /dev/null
    
    real    0m0.108s
    user    0m0.012s
    sys 0m0.007s
    

    The whole thing finishes in 0.083s but it looks like it's not fast enough!

    [email protected]:/# time /emde.sh 
    * Rebuilt URL to: http://docker.hackthebox.eu:30638/
    *   Trying 139.59.202.58...
    * TCP_NODELAY set
    * Connected to docker.hackthebox.eu (139.59.202.58) port 30638 (#0)
    > POST / HTTP/1.1
    > Host: docker.hackthebox.eu:30638
    > User-Agent: curl/7.58.0
    > Accept: */*
    > Cookie: PHPSESSID=4lt1dtmf0a6s7b4lb6brak2j96
    > Content-Length: 37
    > Content-Type: application/x-www-form-urlencoded
    > 
    * upload completely sent off: 37 out of 37 bytes
    < HTTP/1.1 200 OK
    < Date: Wed, 19 Feb 2020 00:11:37 GMT
    < Server: Apache/2.4.18 (Ubuntu)
    < Expires: Thu, 19 Nov 1981 08:52:00 GMT
    < Cache-Control: no-store, no-cache, must-revalidate
    < Pragma: no-cache
    < Vary: Accept-Encoding
    < Content-Length: 419
    < Content-Type: text/html; charset=UTF-8
    < 
    [...]
    <h3 align='center'>ursMxuZHh1OLGjp4TEKI</h3><p align='center'>Too slow!</p><center>[...]
    * Connection #0 to host docker.hackthebox.eu left intact
    input was: OfrcSp4to0zF95l1j9X9 , hash was 072dbd734eb7d40e17d9b3170b577de9
    
    real    0m0.083s
    user    0m0.023s
    sys 0m0.017s
    

    I also tried a couple of online bash interpreters (the ones that recognize curl) and got the same result:

    http://www.onlinegdb.com/
    https://repl.it/languages/bash

    Has anyone been able to capture the flag for this challenge today?

  • Have separately verified that:

    • Cookie is being included in POST (Using requests and preserving session, so it is auto-resent)
    • hash is correct

    Still getting "Too Slow". Not sure what I am missing. Any hints/help would be much appreciated.

  • @msimiste said:

    Have separately verified that:

    • Cookie is being included in POST (Using requests and preserving session, so it is auto-resent)
    • hash is correct

    Still getting "Too Slow". Not sure what I am missing. Any hints/help would be much appreciated.

    I'm in the same boat. Went so far as to get a VPS in London to get closer to the source and still no luck. I'd like a sanity check that it's still possible.

  • I tried to do it with a bash script but it's just not happening, takes about 150ms to finish, is curl just too slow? Would love if somebody who completed it with a bash script could take a look at my script or share theirs.

  • For those of you who are referring to speed. Making the script run faster is not the solution. I'm not terribly good with bash so I'll use python as an example. Whenever you make a request it is a completely new connection for every request. The trick is to send 1 request only. Good thing to look into.
    requests.sessions() <-- golden goose

  • This is driving me crazy, my bash script wasn't working so I wrote a python solution. Using requests.session() as you said, hashlib and beautiful soup (a million times easier than my regex solution) and it also doesn't work. So I slapped it on a VPS to look if my internet is the problem, still doesn't work. So I looked for a writeup and copied the guy's code to my vps and even that still says too slow, even though the script apparently worked for the dude who wrote the writeup. So I'm pretty sure both of my scripts should work and the script from the write up as well, none of them get me the flag and I have no idea what the problem could be.

  • I am in the same boat. Used hashlib, Beautiful Soup, requests.session() for both get() and post(). Used tcpdump to verify the headers, cookies etc for both get() and post().

  • I'm in the same situation. I have done two scripts, one python script and one bash script. I've used wireshark to verify communication between server and client, cookies, headers, times, etc... md5 hash is correct too. I don't know what to think about it... some help?

  • edited February 24

    @letMel00kDeepr said:
    For those of you who are referring to speed. Making the script run faster is not the solution. I'm not terribly good with bash so I'll use python as an example. Whenever you make a request it is a completely new connection for every request. The trick is to send 1 request only. Good thing to look into.
    requests.sessions() <-- golden goose

    I can't imagine just one request. One request is required to obtain the string and another request to send the string hash, right? Do you mean one request, or one session?

  • I guess it would be one session as you're making a GET and PUT request. However you use just the 1 session. Hope that clarifies for you.
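
Added example, not part of any post in this thread: the session point discussed above, run against a constructed local stand-in server rather than the real challenge. It assumes the string to hash is bound to the PHPSESSID cookie and that a mismatch is answered with "Too slow!"; the `MockChallenge` class, the `attempt` and `demo` helpers and the flag value are all made up for the demonstration.

```python
import hashlib, http.cookiejar, re, secrets, threading, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # session id -> string most recently issued to that session
class MockChallenge(BaseHTTPRequestHandler):
    """Constructed stand-in server (assumption): the string is tied to the session cookie."""
    def _sid(self):
        m = re.search(r"PHPSESSID=(\w+)", self.headers.get("Cookie", ""))
        return m.group(1) if m else None

    def _reply(self, sid, note=""):
        SESSIONS[sid] = secrets.token_hex(10)  # fresh string on every page load
        body = f"<h3 align='center'>{SESSIONS[sid]}</h3><p align='center'>{note}</p>"
        self.send_response(200)
        self.send_header("Set-Cookie", f"PHPSESSID={sid}")
        self.end_headers()
        self.wfile.write(body.encode())

    def do_GET(self):
        self._reply(self._sid() or secrets.token_hex(8))

    def do_POST(self):
        form = urllib.parse.parse_qs(self.rfile.read(int(self.headers["Content-Length"])).decode())
        sid = self._sid()
        expected = hashlib.md5(SESSIONS[sid].encode()).hexdigest() if sid in SESSIONS else None
        ok = form.get("hash", [""])[0] == expected
        self._reply(sid or secrets.token_hex(8), "FLAG{constructed}" if ok else "Too slow!")

    def log_message(self, *args): pass  # silence per-request logging

def attempt(base_url, keep_cookies):
    """GET the page, then POST md5(string).hexdigest() as form field 'hash' (built from a dict)."""
    handlers = [urllib.request.HTTPCookieProcessor(http.cookiejar.CookieJar())] if keep_cookies else []
    opener = urllib.request.build_opener(*handlers)
    page = opener.open(base_url).read().decode()
    token = re.search(r"<h3 align='center'>(\w+)</h3>", page).group(1)
    data = urllib.parse.urlencode({"hash": hashlib.md5(token.encode()).hexdigest()}).encode()
    return opener.open(base_url, data).read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), MockChallenge)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/"
    results = attempt(url, keep_cookies=True), attempt(url, keep_cookies=False)
    server.shutdown(); server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

In this model the hash and the timing are identical in both attempts; only the one that sends the cookie back is checked against the string it was actually given.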
