Emdee five for life

I’m using a bash script with curl, md5sum and egrep… yet I’m unable to make it on time!
(and yes… I’m including the cookies in the POST)

This is the time it takes me to get the initial page:

root@chromeos:/# time curl -s  docker.hackthebox.eu:30638 -o /dev/null

real	0m0.108s
user	0m0.012s
sys	0m0.007s

The whole thing finishes in 0.083s but it looks like it’s not fast enough!

root@chromeos:/# time /emde.sh 
* Rebuilt URL to: http://docker.hackthebox.eu:30638/
*   Trying 139.59.202.58...
* TCP_NODELAY set
* Connected to docker.hackthebox.eu (139.59.202.58) port 30638 (#0)
> POST / HTTP/1.1
> Host: docker.hackthebox.eu:30638
> User-Agent: curl/7.58.0
> Accept: */*
> Cookie: PHPSESSID=4lt1dtmf0a6s7b4lb6brak2j96
> Content-Length: 37
> Content-Type: application/x-www-form-urlencoded
> 
* upload completely sent off: 37 out of 37 bytes
< HTTP/1.1 200 OK
< Date: Wed, 19 Feb 2020 00:11:37 GMT
< Server: Apache/2.4.18 (Ubuntu)
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Vary: Accept-Encoding
< Content-Length: 419
< Content-Type: text/html; charset=UTF-8
< 
[...]
<h3 align='center'>ursMxuZHh1OLGjp4TEKI</h3><p align='center'>Too slow!</p><center>[...]
* Connection #0 to host docker.hackthebox.eu left intact
input was: OfrcSp4to0zF95l1j9X9 , hash was 072dbd734eb7d40e17d9b3170b577de9

real	0m0.083s
user	0m0.023s
sys	0m0.017s

I also tried a couple of online bash interpreters (the ones that recognize curl) and got the same result:

https://repl.it/languages/bash

Has anyone been able to capture the flag for this challenge today?

Have separately verified that:

  • Cookie is being included in POST (Using requests and preserving session, so it is auto-resent)
  • hash is correct

Still getting “Too Slow”. Not sure what I am missing. Any hints/help would be much appreciated.

@msimiste said:

Have separately verified that:

  • Cookie is being included in POST (Using requests and preserving session, so it is auto-resent)
  • hash is correct

Still getting “Too Slow”. Not sure what I am missing. Any hints/help would be much appreciated.

I’m in the same boat. Went so far as to get a VPS in London to get closer to the source and still no luck. I’d like a sanity check that it’s still possible.

I tried to do it with a bash script but it’s just not happening, takes about 150ms to finish, is curl just too slow? Would love if somebody who completed it with a bash script could take a look at my script or share theirs.

For those of you who are referring to speed. Making the script run faster is not the solution. I’m not terribly good with bash so I’ll use python as an example. Whenever you make a request it is a completely new connection for every request. The trick is to send 1 request only. Good thing to look into.
requests.sessions() ← golden goose

This is driving me crazy, my bash script wasn’t working so I wrote a python solution. Using requests.session() as you said, hashlib and beautiful soup (a million times easier than my regex solution) and it also doesn’t work. So I slapped it on a VPS to look if my internet is the problem, still doesn’t work. So I looked for a writeup and copied the guy’s code to my vps and even that still says too slow, even though the script apparently worked for the dude who wrote the writeup. So I’m pretty sure both of my scripts should work and the script from the write up as well, none of them get me the flag and I have no idea what the problem could be.

I am in the same boat. Used hashlib, Beautiful Soup, requests.session() for both get() and post(). Used tcpdump to verify the headers, cookies etc for both get() and post().

I’m in the same situation. I have done two scripts, one python script and one bash script. I’ve used wireshark to verify communication between server and client, cookies, headers, times, etc… md5 hash is correct too. I don’t know what to think about it… some help?

@letMel00kDeepr said:
For those of you who are referring to speed. Making the script run faster is not the solution. I’m not terribly good with bash so I’ll use python as an example. Whenever you make a request it is a completely new connection for every request. The trick is to send 1 request only. Good thing to look into.
requests.sessions() ← golden goose

I can’t imagine just one request. One request is required to obtain the string and another request to send the string hash, right? Do you mean one request, or one session?

I guess it would be one session as you’re making a GET and PUT request. However you use just the 1 session. Hope that clarifies for you.

@letMel00kDeepr said:

I guess it would be one session as you’re making a GET and PUT request. However you use just the 1 session. Hope that clarifies for you.

Thank you, I thought this. But anyway I keep getting “Too slow”…

PM me your code and I will take a look for you and see what your issue is.

I’m 99% sure this challenge is just broken lol

Today I re-ran my python script and got the flag in my response. I made no changes from the one that was failing 2 weeks ago. Seems like the challenge has been fixed.

Yes, the challenge has been fixed, I was going crazy… I re-ran both my scripts and got the flag.

Hey, I got it done, challenge says 20 points, but it landed me only 2, what is that all about?
Ty, good practice

Struggling with this atm, got the string extracted, encoded and encrypted, posted into the text field and submit button pressed with Selenium but still says ‘too slow’. I’m assuming it has something to do with the cookies based off everyone’s comments but I’m not sure what exactly I can do with them?

Hi - In case anyone is interested in solving this challenge without scripting, I managed to get the flag using Burp. I am very happy with what I learned, it involved: Intruder, some grepping (part of Intruder options) and payload processing.

Happy Hacking! : )

Just two tips:

You are not as fast as a script.

If you try to use 2 different sessions, you won’t be fast enough, make sure you are using the same session for all your requests.
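
The same-session point from the tips above, as an added example that is not part of any post in this thread. It runs a constructed local stand-in for the challenge page (its behaviour, the `hash` field name and the `OK` reply are assumptions, and the real service's timing check is not modelled) and a standard-library client that posts the MD5 once with the cookie jar it fetched the page with and once with a fresh one.

```python
import hashlib, re, secrets, threading, urllib.parse, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # constructed stand-in server state: session id -> string last issued

class Mock(BaseHTTPRequestHandler):
    def _sid(self):
        m = re.search(r"PHPSESSID=(\w+)", self.headers.get("Cookie", ""))
        return m.group(1) if m else None
    def _page(self, sid, note=""):
        SESSIONS[sid] = secrets.token_hex(10)  # fresh 20-char string on every response
        body = f"<h3 align='center'>{SESSIONS[sid]}</h3><p align='center'>{note}</p>".encode()
        self.send_response(200)
        self.send_header("Set-Cookie", f"PHPSESSID={sid}")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):
        self._page(self._sid() or secrets.token_hex(8))
    def do_POST(self):
        sid = self._sid()
        raw = self.rfile.read(int(self.headers["Content-Length"])).decode()
        sent = urllib.parse.parse_qs(raw).get("hash", [""])[0]  # field name is assumed
        ok = sid in SESSIONS and sent == hashlib.md5(SESSIONS[sid].encode()).hexdigest()
        self._page(sid or secrets.token_hex(8), "OK" if ok else "Too slow!")
    def log_message(self, *args): pass  # keep the demo quiet

def new_opener():  # one opener = one cookie jar = one session; proxies disabled
    return urllib.request.build_opener(urllib.request.ProxyHandler({}),
                                       urllib.request.HTTPCookieProcessor(CookieJar()))

def attempt(base, same_session):
    opener = new_opener()
    page = opener.open(base).read().decode()
    token = re.search(r"<h3 align='center'>(\w+)</h3>", page).group(1)
    form = urllib.parse.urlencode({"hash": hashlib.md5(token.encode()).hexdigest()})
    poster = opener if same_session else new_opener()  # a second jar has no PHPSESSID
    reply = poster.open(base, form.encode()).read().decode()
    return re.search(r"<p align='center'>(.*?)</p>", reply).group(1)

def demo():
    srv = HTTPServer(("127.0.0.1", 0), Mock)  # port 0: any free local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}/"
    result = attempt(base, True), attempt(base, False)
    srv.shutdown()
    return result

if __name__ == "__main__": print(demo())
```

With the stand-in server, the hash is accepted only when the POST carries the cookie issued with the page it was computed from; the second attempt computes the same correct hash and is still rejected.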

Got a single line bash script to do it all but with creating two sessions the fastest it will go is 0.435s. So not so much how many ways but ‘can you do this in python’ really. Running the script in an EC2 instance got execution time to 0.169s but still getting back “too slow.”