HackTheBox Invite Challenge !! Very Easy

 

What is HackTheBox ?

HackTheBox is an online platform that allows you to test your penetration testing skills and exchange ideas and methodologies with other embers who have similar interests.

Hack The Box contains some constantly updated challenges. The challenge simulates real-world scenarios and some of these challenges are more inclined towards the Capture The Flag (CTF) challenge style.

Getting The Invite Code : 

To register on the Hack The Box required an invite code which you have to find.

The invite code is obtained from completing the challenge o the registration page. The Challenge is used to test your knowledge in web hacking and your understanding of PHP and JavaScript.

But if you have given up then follow this article on how to get the invite code Hack the Box.

Just go ahead and check on the steps :

First when the Invite Code page appears, we try to do the Inspect Element. When the source view, there is an interesting thing, that is/js/inviteapi.min.js.

Secondly if you try to open https://www.hackthebox.eu/js/inviteapi.min.js, it will appear as follows :

To be more neat, we try to open using beautifier.io and the copy and paste the contents of the file, later will appears as follows :

//This javascript code looks strange...is it obfuscated???

function makeInviteCode() {

    $.ajax({

        type: "POST",

        dataType: "json",

        url: '/api/invite/how/to/generate',

        success: function(a) {

            console.log(a)

        },

        error: function(a) {

            console.log(a)

        }

    })

}

Third, from the results above, there is an interesting JavaScript function, namely makeInviteCode(). We try to run in Web Console (when opening the inspect element, go to the Console tab), as follows : 

{0: 200, success: 1, data: {…}, hint: "Data is encrypted … We should probably check the encryption type in order to decrypt it…"}

temp1

{0: 200, success: 1, data: {…}, hint: "Data is encrypted … We should probably check the encryption type in order to decrypt it…"}

0: 200

data: {data: "SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLC…gUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl", enctype: "BASE64"}

hint: "Data is encrypted … We should probably check the encryption type in order to decrypt it…"

success: 1

__proto__: Object

Fourth, there is data and Encrypt information, next we try to decode the data from any online decoder. Make sure to confirm the Encryption type of the data. Here is in my case the encryption type is "BASE64" & the Data is "SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLC…gUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl"

Decoder results as follows ;

In order to generate the invite code, make a POST request to /api/invite/generate

Fifth, from the decode result above, there is a information that we have to create a POST request to api/invite/generate to generate the invite code. To do so we can use curls as follows in CMD :

curl -XPOST https://www.hackthebox.eu/api/invite/generate

Sixth, after the above POST request you will get a data code again which is encoded in BASE64 encryption. Decode it again from here.

Seventh, you will get the the code from the decoder and copy that and paste it to the Hack The Box Invite Page. After the successful invite code submission the page will appear as follows :

Yeaahhhh !!! Congratulations, you got through the test and now you can create a HackTheBox Account.