Emdee five for life

Ok, for this this challenge I opted to use python to craft a script that creates a session, get the text to be hashed, hash it using hashlib, and on the same session submit it. Not working. I feel I'm either overlooking or overthinking something.

Comments

  • What does wireshark show if you watch the traffic? It might help to see what you're sending out, since it definitely sounds like you're almost there.

  • Lol i dont know why i didnt think to use wireshark. Anywho got the flag. Thanks again

  • OK sure it works via the Python script but I don't get it why it only returns the POST data and why for e.g. Burp cannot get the flag in the POST request output. Isn't a script doing the same as any other tool that intercepts the HTTP requests. Anybody?

    Regards,
    qmi

  • When you make a request a new connection is made every time. So you need to make a get and post request using a single connection. DM for more help
  • If your using python take a closer look at
    requests.sessions.Session()
  • This really helped with my scripting!

    JohnEagle
    Always happy to help, feel free to drop me a PM for spoiler-free nudges

  • Just did this one - pretty easy points if you know some scripting! I really enjoyed it!

    Arrexel

  • @letMel00kDeepr , requests.Sessions() definitely helped me for this.

  • Yes, keeping the session open for this is key.

  • Thanks, the sessions has helped me too

  • So... I wrote a python script that does a Get and Post Request immediately still getting a Too Slow. can anyone help me out here?

  • can you pm me the code your using?
  • edited April 2020

    Hello,

    I've got a flag (in "HTB{...}" form) but it doesn't register. Could be a false positive ?

    Edit: Forget about it, seems it was a website side error, it register now.

  • I'v got the flag in a htb{....} but websites says it's incorrect flag ! what is the problem ?

Sign In to comment.