[20 Points] Emdee five for life [by L4mpje]
Challenge description:
Can you encrypt fast enough?
On the initial page, clicking Submit always shows "Too slow!", no matter what you do.
Based on the HTML source, write a Python script to solve it:
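```python
import hashlib
import re

import requests

url = "http://docker.hackthebox.eu:34650/"

# Use one session so the POST carries the same cookie as the GET
# that produced the challenge string.
session = requests.Session()
out = session.get(url)

# The string to hash is the <h3 align='center'> element on the page.
pattern = re.compile(r"<h3 align='center'>(\S+)</h3>", re.I)
challenge = pattern.findall(out.text)[0]
digest = hashlib.md5(challenge.encode("utf-8")).hexdigest()

# Submit the hex digest in the form field named "hash".
out = session.post(url, data={"hash": digest})
print(out.text)
```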
Run result:
```
<HTML>
<head>
<title>emdee five for life</title>
</head>
<body style="background-color:powderblue;">
<h1 align='center'>MD5 encrypt this string</h1><h3 align='center'>JBUxqcV4rWsw17043rxv</h3><p align='center'>HTB{N1c3_ScrIpt1nG_B0i!}</p><center><form action=""method="post">
<input type="text" name="hash" placeholder="MD5" align='center'></input>
</br>
<input type="submit" value="Submit"></input>
</form></center>
</body>
</HTML>
```
[20 Points] Fuzzy [by Arrexel]
Challenge description:
We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing.
The initial page is a static page.
Finding nothing exploitable on it, fuzz the site directly.
Start
Fuzzing shows that a directory named API exists, with a PHP file under it.
Trying to access /API/action.PHP shows that a parameter is missing.
Next, fuzz the parameter.
Start
Fuzzing finds the parameter reset.
Finally, fuzz the ID.
Start
End of fuzzing.
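The three fuzzing stages above (paths, parameter names, ID values) each leave a distinct pattern in a web server's access log. The following is an added example, not part of the original write-up, showing how a defender could flag each stage; the log lines, IP addresses, status codes and the threshold of 20 are constructed assumptions, and only the path /API/action.PHP and the parameter reset come from the page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Common-log-format line: client IP, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')

def build_sample_log():
    """Constructed traffic: 10.0.0.5 fuzzes in three stages, 10.0.0.9 browses normally."""
    fmt = '{} - - [01/Jan/2024:10:00:00 +0000] "GET {} HTTP/1.1" {} 120'
    log = [fmt.format("10.0.0.9", p, 200) for p in ("/", "/css/style.css", "/")]
    log += [fmt.format("10.0.0.5", f"/dir{i}", 404) for i in range(30)]
    log += [fmt.format("10.0.0.5", f"/API/action.PHP?p{i}=1", 200) for i in range(30)]
    log += [fmt.format("10.0.0.5", f"/API/action.PHP?reset={i}", 200) for i in range(30)]
    return log

def detect_fuzzing(lines, threshold=20):
    """Return sorted (ip, kind, target) findings for clients over the threshold."""
    missing = defaultdict(set)  # ip -> distinct paths answered with 404
    names = defaultdict(set)    # (ip, path) -> distinct parameter names tried
    values = defaultdict(set)   # (ip, path, name) -> distinct values tried
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if status == 404:
            missing[ip].add(url.path)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            names[ip, url.path].add(name)
            values[ip, url.path, name].add(value)
    findings = {(ip, "path-fuzz", "*")
                for ip, s in missing.items() if len(s) >= threshold}
    findings |= {(ip, "param-fuzz", path)
                 for (ip, path), s in names.items() if len(s) >= threshold}
    findings |= {(ip, "value-enum", f"{path}?{name}=")
                 for (ip, path, name), s in values.items() if len(s) >= threshold}
    return sorted(findings)

if __name__ == "__main__":
    for finding in detect_fuzzing(build_sample_log()):
        print(finding)
```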
Source: https://www.cnblogs.com/qftm/p/11260600.html