This article provides a clear and concise walkthrough of the “Emdee five for life” challenge from Hack The Box. The challenge, while categorized as easy, presents a fun little hurdle: you need to be faster than a human to solve it. The core task is to take a string provided by a web page, hash it using the MD5 algorithm, and submit it back, all before the server times you out.
HackTheBox Emdee five for life Description

Can you encrypt fast enough?
Tools Used
- requests: handle HTTP GET/POST
- re: extract target string via regex
- hashlib: compute MD5 hashes
- sys, cmd: input URL and exit gracefully (supportive)
Walkthrough
Manual submission is futile, as the server will almost instantly tell you you’re “too slow.” This is a classic sign that automation is not just helpful but mandatory.

For those who enjoy crafting their own solutions, you can build a Python script using the requests and BeautifulSoup libraries. This method offers precision and a deep understanding of the automation process.
The script starts by sending a GET request to the challenge page, along with the session cookie. The purpose of this initial request is to receive the first string that needs to be hashed.
The script then enters a loop. Inside this loop, the real magic happens:
- Data Extraction: BeautifulSoup is used to parse the HTML of the page and find the string to be hashed, which is conveniently located inside an <h3> tag.
- MD5 Encryption: The extracted string is then immediately hashed using Python’s hashlib library to generate the required MD5 hash.
- Submission: The script sends a POST request back to the server, with the newly generated MD5 hash as the payload.
The loop is programmed to check the response after each submission. As soon as the text “hack the box” appears in the response body, the script knows it has found the flag, breaks the loop, and prints the prize.
You can grab your session ID by sending a request and intercepting it with Burp.

Final Script

```python
# Import necessary libraries
import hashlib

import requests
from bs4 import BeautifulSoup

# Setup session and URL
url = 'http://challenge-url.htb'
session_cookie = {'PHPSESSID': 'your_session_id_here'}

# Start a session
s = requests.Session()

# Get the initial page to grab the first string
response = s.get(url, cookies=session_cookie)

while 'HTB' not in response.text:
    # Use BeautifulSoup to find the string in the h3 tag
    soup = BeautifulSoup(response.text, 'html.parser')
    h3 = soup.find('h3')
    if h3 is None:
        # No string to hash in this response; stop instead of crashing
        break
    string_to_hash = h3.text

    # Hash the string using MD5
    md5_hash = hashlib.md5(string_to_hash.encode()).hexdigest()

    # Send the hash back to the server
    response = s.post(url, data={'hash': md5_hash}, cookies=session_cookie)

# Print the flag from the final response
print(response.text)
```
Running the script gives the flag:

Key Learning Points
- Use requests.Session(): maintains persistent connection, faster than new connections per loop.
- Regex extraction: use targeted pattern extraction for consistency.
- Loop retries: implement simple retry logic to handle race conditions.
- Automation beats manual: scripting critical for timing-sensitive tasks.
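The regex extraction and retry points above, shown as an added example that is not part of the original walkthrough script. The fetch/submit callables and the FakeChallenge page are constructed assumptions so the logic can run offline; in practice they would wrap one requests.Session.

```python
import hashlib
import re

# The challenge string sits in an <h3> tag (per the walkthrough); attributes tolerated.
H3_RE = re.compile(r"<h3[^>]*>(.*?)</h3>", re.IGNORECASE | re.DOTALL)

def extract_challenge(html):
    """Return the text inside the first <h3> element, or None if absent."""
    m = H3_RE.search(html)
    return m.group(1).strip() if m else None

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def solve(fetch, submit, marker="HTB", max_attempts=5):
    """Hash and submit with a bounded retry loop (hypothetical interface).

    fetch() and submit(digest) both return response HTML. A rejected answer
    comes back with a fresh string, so each retry re-extracts from the latest
    response rather than reusing a stale value.
    """
    html = fetch()
    for _ in range(max_attempts):
        if marker in html:
            return html
        challenge = extract_challenge(html)
        if challenge is None:
            raise ValueError("no <h3> challenge string in response")
        html = submit(md5_hex(challenge))
    return html if marker in html else None

class FakeChallenge:
    """Constructed stand-in for the challenge page, for offline runs only."""

    def __init__(self, reject_first=1):
        self.count, self.reject, self.current = 0, reject_first, None

    def page(self, note=""):
        self.count += 1
        self.current = "constructed-%d" % self.count
        return "<html><h3 align='center'>%s</h3><p>%s</p></html>" % (self.current, note)

    def submit(self, digest):
        if digest == md5_hex(self.current) and self.reject <= 0:
            return "<html><p>HTB{constructed_placeholder}</p></html>"
        self.reject -= 1  # simulate a "too slow" answer: issue a new string
        return self.page("Too slow!")
```

The max_attempts bound keeps the loop from spinning forever if the page layout changes or the marker never appears.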
Alternative Method:
For those who prefer a powerful, GUI-driven tool, the video provides an elegant solution using Burp Suite’s Intruder. This method is incredibly efficient and requires no custom coding.
Configuring the Intruder Attack:
- Capture and Send: First, a POST request to the challenge page is captured and sent to the Intruder tool.
- Payload Configuration: This is where the setup gets clever.
  - Payload Type: The payload type is set to “Recursive grep.” This tells Intruder to extract a piece of information from the server’s response and use it as the payload for the next request.
  - Grep Extract: In the Intruder options, a “Grep Extract” rule is configured. You simply highlight the string within the <h3> tags from the response, and Intruder knows that this is the data it needs to grab for each cycle.
  - Payload Processing: A rule is then added to process this extracted payload. The rule is simple: “Hash -> MD5.”
- Flag Detection: A “Grep Match” rule is set up to look for the string “hack the box” in the responses. This makes it easy to spot the successful request that reveals the flag.
- Resource Management: To prevent overwhelming the server and to ensure the requests are processed sequentially, the number of concurrent requests is set to one.
- Launch! With the configuration complete, the attack is started. Burp Suite’s Intruder handles the rest, automatically performing the cycle of extracting, hashing, and submitting until the flag is captured.