Enter Hack The Box

in #ethicalhacking6 years ago

Recently a friend of mine suggested to start playing CTF (Capture The Flag). So I started with "Hack the box".
Hack the box is basically a platform to test your skills in Penetration Testing.

In order to sign up, you've to crack the invite code

01.png

Start with inspect element and analyze that.
You'll find a script as /js/inviteapi.min.js

02.png

So now, go to https://www.hackthebox.eu/js/inviteapi.min.js . You will see a file like this

03.png

This is the point where I got stuck, since I don't have that much hold on JavaScript. So I'd search the web for further clarification.

Finally found a tool called jsbeautifier

"JavaScript beautifier" is a tool to unpack or deobfuscate JavaScript and HTML

04.png

You will see that there is a function named makeInviteCode()

This function actually make/generates your required invite code

Now make a POST request to the url mentioned in the function (/api/invite/how/to/generate)

05.png

Observe that Base64 Encoding is used. Search online for Base64 decoder and decrypt it

07.png

Again make a POST request to /api/invite/generate

06.png

Notice that it says format:encoded, So try with base64 decoder

08.png

And voila, you've got the invite code. Happy Hunting

Note: You'll not always be able to capture the flag, there'll be times when you'll get stuck, but that's the fun part of playing CTF's. You'll always learn something new.

kali.png

Coin Marketplace

STEEM 0.24
TRX 0.25
JST 0.040
BTC 97266.27
ETH 3451.82
USDT 1.00
SBD 3.34