Enter Hack The Box

in #ethicalhacking6 years ago

Recently a friend of mine suggested to start playing CTF (Capture The Flag). So I started with "Hack the box".
Hack the box is basically a platform to test your skills in Penetration Testing.

In order to sign up, you've to crack the invite code

01.png

Start with inspect element and analyze that.
You'll find a script as /js/inviteapi.min.js

02.png

So now, go to https://www.hackthebox.eu/js/inviteapi.min.js . You will see a file like this

03.png

This is the point where I got stuck, since I don't have that much hold on JavaScript. So I'd search the web for further clarification.

Finally found a tool called jsbeautifier

"JavaScript beautifier" is a tool to unpack or deobfuscate JavaScript and HTML

04.png

You will see that there is a function named makeInviteCode()

This function actually make/generates your required invite code

Now make a POST request to the url mentioned in the function (/api/invite/how/to/generate)

05.png

Observe that Base64 Encoding is used. Search online for Base64 decoder and decrypt it

07.png

Again make a POST request to /api/invite/generate

06.png

Notice that it says format:encoded, So try with base64 decoder

08.png

And voila, you've got the invite code. Happy Hunting

Note: You'll not always be able to capture the flag, there'll be times when you'll get stuck, but that's the fun part of playing CTF's. You'll always learn something new.

kali.png

#cybersecurity #hacking #ctf #pentesting
6 years ago in #ethicalhacking by
$0.00
    1 vote
    Reply 0

    Coin Marketplace

    STEEM 0.19
    TRX 0.19
    JST 0.033
    BTC 89248.16
    ETH 3020.22
    USDT 1.00
    SBD 2.81