Sarthak Saini

A Personal Blog site where i post things which i like to do...

Home About me

Emdee five for life writeup (HACK THE BOX)

Welcome Readers, Today we will be doing the hackthebox(HTB) challenge

Starting point…


our only task is to submit the string after converting it to md5 hash …but when i tried to submit i got this…


Yup Too slow

Let’s automate this and build a python script for it and i will be using:-


Source code

<html>
<head>
<title>emdee five for life</title>
</head>
<body style="background-color:powderblue;">
<h1 align='center'>MD5 encrypt this string</h1><h3 align='center'>fDRusAk7w752Hy5b5iNx</h3><p align='center'>HTB{N1c3_ScrIpt1nG_B0i!}</p><center><form action="" method="post">
<input type="text" name="hash" placeholder="MD5" align='center'></input>
</br>
<input type="submit" value="Submit"></input>
</form></center>
</body>
</html>

Building the script

So with my crappy skills of regex let’s start building the logic …

><h3 align='center'>sR1LvFdED1Toos1uBn6k</h3>

This was achieved by using this …

center'>+.*?</h3>


Now we will filter it more and will make the final script…

import requests
import hashlib
import re



url="http://docker.hackthebox.eu:33205/"

r=requests.session()
out=r.get(url)
out=re.search("<h3 align='center'>+.*?</h3>",out.text)
out=re.search("'>.*<",out[0])
out=re.search("[^|'|>|<]...................",out[0])

out=hashlib.md5(out[0].encode('utf-8')).hexdigest()

print("sending md5 :-{}".format(out))

data={'hash': out}
out = r.post(url = url, data = data)

print(out.text)


Getting the flag

Now time to run the script and get the flag :)

syntax :- python3 emdee.py


There we go we got our flag …sorry for bad regex lol i am new at this, anyways if you guys like my writeup stay tuned will post more :neckbeard: