Hack the box: Hack your Invite code!

Hello folks! Before we get started, I hope you already know a bit about Hack the Box. If not, I’ll tell you along the way. So let’s begin!

Hack the box, what is it?

Basically, Hack the Box is an online platform where you can test and advance your penetration testing skills. It contains constantly updated challenges and some other exciting stuff. If you are really interested in network security or information security, you should definitely try it out.

So let’s hack our way in, shall we?

The first step is to visit the Hack the Box site, https://www.hackthebox.eu, which looks like this:

Hack the box Home Page

The site, just like the stuff inside, is awesome and pretty attractive.

So, when you click “join now”, hack the box has a welcome challenge ready for you. You just have to hack your way in! Anyways, you’ll find something like this:

Asking for Invite Code

So, this page asks you for an invite code to sign up to the site. So how do we do this? Let’s find out!

Most of you will be familiar with the Chrome developer tools. Just press Shift+Ctrl+I and go to the console. Hack this site has something special for you. You’ll find something like this:

Console

Now, go through the elements tab and you’ll find a script with the source as /js/inviteapi.min.js

Elements of page

So now, go to https://www.hackthebox.eu/js/inviteapi.min.js . You will see a JS file like this:

JS File to hack your way in

Now that you have made it this far, you will notice a function named makeInviteCode, which captures our interest. Go to the console, type makeInviteCode() and press Enter. You will find an encoded message, and when you click the small arrow alongside data, you’ll also find the encoding that was used, like this:

The message and decryption algorithm

In my case, it is encoded using Base64, which is a reversible encoding rather than encryption, so no key is needed. Let’s decode it using an online tool; I’m using https://www.base64decode.org/. However, in your case the encoding might be different, such as ROT13.

On decoding, you’ll find something like this:

Decrypting using BASE64 decryptor

So, the decoded message is “In order to generate the invite code, make a POST request to https://www.hackthebox.eu/api/invite/generate”.

So keep calm, fire up the terminal and type in:

curl https://www.hackthebox.eu/api/invite/generate -XPOST

So, let’s look at the result:

Result of sending POST request

So now we have successfully found the second code. Let’s decode it again using the Base64 tool we used before.

Decrypting to get the code.

Voila! The decoded message is your invite code. Submit it and sign up.

Sign up!
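The two decoding steps above can be done locally rather than in an online tool. The following is an added example, not code from the original post or from Hack the Box: it picks the decoder from the algorithm named in the response, covering both Base64 and ROT13. The response shape ({ data, enctype }) and the sample values are assumptions constructed for illustration.

```javascript
// Added example. Runs in Node.js (uses the global Buffer).
// Assumed response shape: { data: "<encoded text>", enctype: "BASE64" | "ROT13" }.

// ROT13 is its own inverse: rotating by 13 twice returns the original letter.
function rot13(text) {
  return text.replace(/[a-zA-Z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97; // 'A' or 'a'
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Strict Base64 decode: reject malformed input instead of silently decoding garbage.
function decodeBase64(text) {
  const cleaned = text.replace(/\s+/g, '');
  if (cleaned.length % 4 !== 0 || !/^[A-Za-z0-9+/]*={0,2}$/.test(cleaned)) {
    throw new Error('not valid Base64');
  }
  return Buffer.from(cleaned, 'base64').toString('utf8');
}

// Map of supported algorithm names to decoders (a Map avoids prototype lookups).
const DECODERS = new Map([
  ['BASE64', decodeBase64],
  ['ROT13', rot13],
]);

// Decode a hint according to the algorithm the response itself names.
function decodeHint(response) {
  const { data, enctype } = response || {};
  if (typeof data !== 'string' || typeof enctype !== 'string') {
    throw new Error('unexpected response shape');
  }
  const decoder = DECODERS.get(enctype.toUpperCase());
  if (!decoder) {
    throw new Error(`unsupported enctype: ${enctype}`);
  }
  return decoder(data);
}

// Constructed sample responses, not real output from the site.
const SAMPLE_BASE64 = { data: 'Z2VuZXJhdGU=', enctype: 'BASE64' };
const SAMPLE_ROT13 = { data: 'Va beqre gb trarengr', enctype: 'ROT13' };
```

Neither algorithm uses a key, so anything a server hides this way is readable by every client that receives it.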

Now that you’ve successfully hacked your way in, it’s time to test your hacking skills on some simulations of real-life scenarios.

If you face any problem in hacking your way in, let me know. Also you can contact me on the links provided at the end.

HAPPY HACKING!

Published by JP Singh

Hi friends, I'm JP. I'm here to share my experiences regarding ethical hacking and Linux. I'm on my quest to become a good ethical hacker and computer science engineer. I hope to share my experiences so that they can help you and also help enhance my skills. Thanks :)
