This challenge was my second challenge to complete on the Hack The Box website under the Web category. It was a quite fun challenge and I had no big issues with solving it, probably one of the faster ones I ever solved. It is ranked around easy-medium in difficulty and I will now go through how I attacked this challenge.
When you first browse the URL you are greeted by this website. Not much to it but it already gives you a hint of what is needed to complete this challenge. Also, the comment above (Can you encrypt fast enough?) gives a hint.
Every time you reload the page it changes the MD5 hash and if you simply try to encrypt this string and pass the hash in the input-field it will give you the following message saying you are too slow ☹
Clearly, we need to do this very fast, which is not possible to do by hand. Therefore we need to write a script that can do the following tasks.
- Open a browser and navigate to the URL
- Fetch the current MD5 string
- Encrypt the string
- Send it back to the browser, filling in the input field and pressing the submit-button.
Since I was doing this challenge from a Windows 10 machine and my preferred scripting-language is PowerShell I thought I should be able to do all these tasks in Powershell.
Task #1 – # Open IE and browse
I created a new Internet Explorer object and set it´s visibility to true so I could see what is going on, I then navigated to the URL for the challenge and waited for the page to fully load.
$ie = New-Object -Com InternetExplorer.Application
$ie.Visible = $true
$ie.Navigate("http://157.245.40.149:31826/")
while ($ie.ReadyState -ne 4) {Start-Sleep -m 100};Task #2 – Get latest MD5 to encrypt
I grabbed the MD5 string from the HTML body which was sitting inside a H3 tag, making it easy to select from the rest of the source-code.
$Doc = $ie.Document.body
$string = $Doc.getElementsByTagName("h3")[0].innerHTML
Task #3 – Encrypt string to MD5
I Googled for a way to encrypt strings to MD5 using PowerShell and found this example below which worked just fine.
$md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
$utf8 = new-object -TypeName System.Text.UTF8Encoding
$hash = [System.BitConverter]::ToString($md5.ComputeHash($utf8.GetBytes($string)))
$hash = $hash.ToLower() -replace '-', ''
Task #3 – Send back the hashed string and submit
I then found the form input field and added my newly created hash to it and clicked the submit-button.
$form = $ie.document.forms[0]
$inputs = $form.GetElementsByTagName("input")
($inputs | where {$_.Name -eq "hash"}).Value = $hash
($inputs | where {$_.type -eq "submit"}).Click()
When I run this code, it takes about 0.850 seconds to complete, giving me the following result.
Full code below – MD5forLife.ps1
# Open IE and browse
$ie = New-Object -Com InternetExplorer.Application
$ie.Visible = $true
$ie.Navigate("http://165.232.47.168:32257/")
while ($ie.ReadyState -ne 4) {Start-Sleep -m 100};
# Get latest MD5 to encrypt
$Doc = $ie.Document.body
$string = $Doc.getElementsByTagName("h3")[0].innerHTML
# Encrypt string to MD5
$md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
$utf8 = new-object -TypeName System.Text.UTF8Encoding
$hash = [System.BitConverter]::ToString($md5.ComputeHash($utf8.GetBytes($string)))
$hash = $hash.ToLower() -replace '-', ''
# Send back the hashed string and submit
$form = $ie.document.forms[0]
$inputs = $form.GetElementsByTagName("input")
($inputs | where {$_.Name -eq "hash"}).Value = $hash
($inputs | where {$_.type -eq "submit"}).Click()
Thanks for your blog, nice to read. Do not stop.