Hack The Box Web Pentest 2019
Posted by qftm
[20 Points] Emdee five for life [by L4mpje]
Challenge description:
Can you encrypt fast enough?
On the initial page, clicking Submit always shows "Too slow!", no matter what you do.
Based on the HTML source, write a Python script to solve it:

```python
import hashlib
import re

import requests

url = "http://docker.hackthebox.eu:34650/"

# A single session is reused for the GET and the POST
r = requests.session()
out = r.get(url)

# Extract the string to hash from the <h3> element
rr = re.compile(r"<h3 align='center'>(\S+)</h3>", re.I)
str1 = rr.findall(out.text)

# Compute the MD5 hex digest and submit it immediately
str2 = hashlib.md5(str1[0].encode('utf-8')).hexdigest()
data = {'hash': str2}
out = r.post(url=url, data=data)
print(out.text)
```

Run result:

```html
<html>
<head>
<title>emdee five for life</title>
</head>
<body style="background-color:powderblue;">
<h1 align='center'>MD5 encrypt this string</h1><h3 align='center'>JBUxqcV4rWsw17043rxv</h3><p align='center'>HTBN1c3_ScrIpt1nG_B0i!</p><center><form action="" method="post">
<input type="text" name="hash" placeholder="MD5" align='center'></input>
</br>
<input type="submit" value="Submit"></input>
</form></center>
</body>
</html>
```
[20 Points] Fuzzy [by Arrexel]
Challenge description:
We have gained access to some infrastructure which we believe is connected to the internal network of our target. We need you to help obtain the administrator password for the website they are currently developing.
The initial page is a static page.
Finding nothing exploitable there, fuzz the site directly.
Start
The fuzz shows that a directory named api exists, with a PHP file beneath it.
Trying to access /api/action.php reveals that a parameter is missing.
Next, fuzz the parameter.
Start
The fuzz finds the parameter reset.
Finally, fuzz the ID.
Start
End, Fuzz
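The three fuzzing stages above (directories, then parameter names, then ID values) each leave a distinct trail in the web server's access log. As an added example that is not part of the original post, the sketch below flags each stage from log lines; the log format, IP addresses, wordlist entries, status codes and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Common/combined log format prefix: client, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')


def constructed_log():
    """Constructed sample: a scanner (10.0.0.5) and a normal visitor (10.0.0.9)."""
    fmt = '{} - - [01/Jan/2019:10:00:00 +0000] "GET {} HTTP/1.1" {} 100'
    rows = [("10.0.0.9", "/", 200), ("10.0.0.9", "/css/style.css", 200)]
    rows += [("10.0.0.5", f"/{w}", 404)
             for w in ("admin", "backup", "test", "old", "dev", "tmp")]
    rows += [("10.0.0.5", f"/api/action.php?{p}=1", 200)
             for p in ("id", "user", "cmd", "debug", "reset")]
    rows += [("10.0.0.5", f"/api/action.php?reset={i}", 200) for i in range(1, 8)]
    return [fmt.format(*row) for row in rows]


def detect(lines, threshold=5):
    """Return alerts for clients that enumerate paths, parameter names or values."""
    misses = defaultdict(set)   # ip -> distinct paths answered with 404
    names = defaultdict(set)    # (ip, path) -> distinct query parameter names
    values = defaultdict(set)   # (ip, path, name) -> distinct parameter values
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        if status == 404:
            misses[ip].add(parts.path)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            names[ip, parts.path].add(name)
            values[ip, parts.path, name].add(value)
    alerts = [("path-enumeration", ip)
              for ip, seen in misses.items() if len(seen) >= threshold]
    alerts += [("parameter-enumeration", ip, path)
               for (ip, path), seen in names.items() if len(seen) >= threshold]
    alerts += [("value-enumeration", ip, path, name)
               for (ip, path, name), seen in values.items() if len(seen) >= threshold]
    return alerts


if __name__ == "__main__":
    for alert in detect(constructed_log()):
        print(alert)
```

In production the threshold would be applied per time window rather than over the whole log, and tuned against normal traffic for the endpoint.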