hack – in – the – box

  • browse to login page: https://www.hackthebox.eu/invite
  • inspect code using your browser – Command + Option + C (Mac)
  • identify the line:

src="/js/inviteapi.min.js"

  • type into the browser: https://www.hackthebox.eu/js/inviteapi.min.js and copy all the response code:

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}',24,24,'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'),0,{}))

  • using Tor Browser, search DuckDuckGo for “javascript deobfuscator”, choose the website http://deobfuscatejavascript.com/, paste in the code above and press the Deobfuscate button
  • the deobfuscated code shows that the function “makeInviteCode()” is the one to use
  • browse back to https://www.hackthebox.eu/invite and type in the console: “makeInviteCode()”
  • you will get a reply like this, encoded with enctype: “ROT13”

Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr

  • search with DuckDuckGo in Tor for “rot13 decoder” and choose the website https://rotencoder.com/
  • paste in the phrase above and it will be decoded into: “In order to generate the invite code, make a POST request to /api/invite/generate”
  • open the terminal and type:

MacBookPro:~ root# curl -X POST https://www.hackthebox.eu/api/invite/generate
{"success":1,"data":{"code":"QlpIUEstUEROWE0tS0RKTUotQU9aWVktV0lBRkQ=","format":"encoded"},"0":200}DESKTOP-9ED3FBN:~ root#

  • search with DuckDuckGo in Tor for: “base64 decryptor”
  • choose: https://www.base64decode.org/
  • paste the Base64-encoded string obtained above: QlpIUEstUEROWE0tS0RKTUotQU9aWVktV0lBRkQ=
  • and you will get the invitation code: “BCHPK-PSNXM-KDJBJ-AOZYY-WEAFD”
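
The deobfuscation and ROT13 steps above can also be done locally, without pasting the script into a third-party site and without evaluating it. The Node.js code below is an added example, not part of the original walkthrough; the function names (parsePacked, unpack, endpoints, rot13) are hypothetical, and it covers only the base-36 token encoding this packed script uses.

```javascript
// Constructed input: the packed script from /js/inviteapi.min.js as quoted on this page.
const PACKED = String.raw`eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}',24,24,'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'),0,{}))`;
// The ROT13 reply quoted in the walkthrough.
const HINT = 'Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr';

// Pull the payload, token count and dictionary out of the trailing
// ('payload',radix,count,'w0|w1|...'.split('|'),0,{}) call, treating it purely as data.
function parsePacked(src) {
  const m = src.match(/\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'([^']*)'\.split\('\|'\)/);
  if (!m) throw new Error('not a p,a,c,k,e,d payload');
  // Undo the \' and \\ escapes of the single-quoted payload string.
  return { payload: m[1].replace(/\\(.)/g, '$1'), count: Number(m[3]), words: m[4].split('|') };
}

// Swap each base-36 token for its dictionary word; nothing is passed to eval().
// An empty dictionary slot, or a word that is not a valid token, is left unchanged.
function unpack(src) {
  const { payload, count, words } = parsePacked(src);
  return payload.replace(/\b\w+\b/g, (tok) => {
    const i = parseInt(tok, 36);
    const known = i < count && i.toString(36) === tok && words[i];
    return known ? words[i] : tok;
  });
}

// List the API paths the unpacked script calls, without running it.
function endpoints(src) {
  return [...unpack(src).matchAll(/url:'([^']+)'/g)].map((m) => m[1]);
}

// ROT13: rotate ASCII letters by 13 places, leave everything else alone.
function rot13(s) {
  return s.replace(/[a-z]/gi, (ch) => {
    const base = ch <= 'Z' ? 65 : 97;
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

console.log(unpack(PACKED));
console.log(endpoints(PACKED));
console.log(rot13(HINT));
```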
