hackwithvyshu

Hack The Box: How to get invite code

by :- Vyshu < vaishnavu c v >

---

What is Hack The Box :

It is basically an online platform to test and advance your skills in penetration testing and cyber security. It contains several challenges that are constantly updated. Some of them simulating real world scenarios and some of them leaning more towards a CTF style of challenge. You should try this site out if you have interest in network security or information security.

Now, let’s hack our way in! Shall we?

1. First, visit the Hack the Box site and read along its FAQs and other useful stuff written there

 

2. You will be told to go to https://www.hackthebox.eu/invite to join HTB.

 

3. When you go to that page, you will see a text box asking you for an invite code.

 

4. Right click on the page, and open inspect element. Alternatively, press  

Ctrl+Shift+I to open the Chrome Developers Tools.

 

5. Go through the elements tab and you will find a script with source (src) as: /js/inviteapi.min.js

 

 

6.  So now, go to https://www.hackthebox.eu/js/inviteapi.min.js . You will see a JS file like this.

 

 

7. makeInviteCode looks interesting. So let’s go back to https://www.hackthebox.eu/invite and try to find its contents.

8. Goto console tab in Chrome Developer Tools, and type makeInviteCode() and press ENTER. You will get a 200 Success status and data as shown below.

See the hint and data

9. When you click the small arrow alongside data, you will see that the text is encrypted and the encoding type is ROT13.

ROT13 Encoding Type

10.Let’s decode that message! Copy the contents of data. And open decoder:
https://soumya.dev/decode

11. Select type: ROT13, paste the copied data onto the Encoded Text box and click Decode. You will get something like below.

ROT13 decryption

12. So, as we can see in Decoded Text, in order to generate an invite code, we need to make a POST request to “https://www.hackthebox.eu/api/invite/generate”.

13. Fire up your terminal/ command-prompt. And make a POST request by typing:

curl -XPOST https://www.hackthebox.eu/api/invite/generate

14. You will get a success message as:

{“success”:1,”data”:{“code”: “somerandomcharacters12345”, “format”: “encoded”}, “0”:200}

15. As you saw, we code a code. But this is not our invite code as it says format:encoded.

16. Lets’s try decoding it, by again using decoder: https://soumya.dev/decode.

17. But this time, select type as Base64. Paste the code you got as the response of the POST request into the Encoded Text box and press Decode. Voila! You get your invite code.

You get your invite code (Don’t try using this invite code as it won’t work for you)

18. Now, finally go to https://www.hackthebox.eu/invite and paste the Invite Code you got in the textbox asking for the same.

19. You’re in! You can sign up on the site now and become a member.

 

Happy Hacking!

If this post helped you, and you want to help me create more tutorials/ videos like this, please consider supporting me at  https://hackwithvyshu.blogspot.com/