WriteUp: Intro to Dante – Emdee Five For Life 1/6

In this post we will talk about Emdee Five For Life, the first challenge in the HTB track “Intro to Dante”.

Emdee Five for Life description

When the challenge powers up, only one port is available. The challenge description:

Can you Encrypt Fast Enough?

Performing banner grabbing against the target service

The application gives a string and asks for the equivalent MD5 hash. It is not possible to solve this manually; a script is required.

Challenge Web Page

While solving the challenge, the attacker noted that if the request is not performed with a valid session, the application refuses the request. For this reason, requests.session() was used to keep a valid session.

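#!/usr/bin/python3
import requests
import hashlib
url='http://178.128.160.242:31688/'
# One session object for both requests, so the cookie set by the GET is sent with the POST
data=requests.session()
data_req = data.get(url)
# The string to hash is the text of the tenth '>'-delimited chunk of the page
target_string=data_req.text.split('>')[9].split('<')[0]
# MD5 hex digest of the string
encripted_string=hashlib.md5(target_string.encode('utf-8')).hexdigest()
print("[-] Target String: '{}' Encrypted String: '{}'".format(target_string,encripted_string))
post_payload={'hash':encripted_string}
print(post_payload)
# Submit the digest in the form field 'hash' within the same session
reply=data.post(url,data=post_payload)
# Print the element of the reply that holds the result
print(reply.text.split('>')[11].split('<')[0])

Executing the script and receiving the flag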

The attacker tried to write the same routine as a shell script but, due to limitations in maintaining sessions with curl, the approach was abandoned.

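#!/bin/bash
url='http://178.128.160.242:31688/'
# First request: fetch the page that contains the string to hash
data=`curl -s $url`
clear_txt=`echo $data | cut -d '>' -f 10 | cut -d '<' -f 1`
# echo -n: hash the string without a trailing newline
enc_txt=`echo -n $clear_txt | md5sum | cut -d ' ' -f 1`
# Second, independent curl call: no cookie from the first request is sent with this POST
data=`curl -s -X POST --data "hash=$enc_txt" $url`
echo $data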
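
Why the session matters, as an added example that is not part of the original write-up: a toy in-memory server binds each string to a session id, so a digest posted without that id has nothing to be compared against. `ToyChallenge`, `H3Text`, `solve`, the `<h3>` markup and the "rejected" reply are assumptions made for illustration, not the challenge's real code or responses.

```python
import hashlib
import secrets
from html.parser import HTMLParser

class ToyChallenge:
    """Constructed stand-in for the challenge: one random string per session id."""
    def __init__(self):
        self.pending = {}  # session id -> string that session must hash

    def get(self):
        sid = secrets.token_hex(8)  # value a real server would hand out as a cookie
        self.pending[sid] = secrets.token_hex(10)
        return sid, f"<html><body><h1>MD5 this</h1><h3>{self.pending[sid]}</h3></body></html>"

    def post(self, sid, digest):
        expected = self.pending.pop(sid, None)
        if expected is None:  # missing or unknown session: nothing to compare with
            return "rejected"
        good = hashlib.md5(expected.encode("utf-8")).hexdigest()
        return "flag" if secrets.compare_digest(digest, good) else "wrong"

class H3Text(HTMLParser):
    """Take the text of the first <h3> instead of counting '>' characters."""
    def __init__(self):
        super().__init__()
        self.in_h3, self.text = False, None

    def handle_starttag(self, tag, attrs):
        self.in_h3 = tag == "h3" and self.text is None

    def handle_endtag(self, tag):
        self.in_h3 = False

    def handle_data(self, data):
        if self.in_h3:
            self.text, self.in_h3 = data.strip(), False

def solve(server, keep_cookie):
    """GET the page, hash the string, POST it with or without the session id."""
    sid, page = server.get()
    parser = H3Text()
    parser.feed(page)
    digest = hashlib.md5(parser.text.encode("utf-8")).hexdigest()
    return server.post(sid if keep_cookie else None, digest)

if __name__ == "__main__":
    print("with session   :", solve(ToyChallenge(), True))
    print("without session:", solve(ToyChallenge(), False))
```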
