hack – in – the – box

  • browse to login page: https://www.hackthebox.eu/invite
  • inspect code using your browser – Command + Option + C (Mac)
  • identify the line:


  • type into the browser: https://www.hackthebox.eu/js/inviteapi.min.js and copy all the response code:

RegExp('\\b'+e(c)+'\\b','g'),k)}}return p}('1 i(4){h


  • using Tor Browser search in DuckDuckGo for: “javascript deobfuscator” choose this website: http://deobfuscatejavascript.com/ paste in the code above and press Deobfuscate button
  • as visible in the clear code function “makeInviteCode()” is to be used
  • browse back to: https://www.hackthebox.eu/invite and type in console: “makeInviteCode()”
  • you will get a reply like this, encoded with enctype: “ROT13”

Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr

  • search with DuckDuckGo in Tor for: “riot13 decoder” and choose website: https://rotencoder.com/
  • paste in the phrase above and it will be decrypted into: “In order to generate the invite code, make a POST request to /api/invite/generate”
  • open the terminal and type:

MacBookPro:~ root# curl -X POST https://www.hackthebox.eu/api/invite/generate
{"success":1,"data":{"code":"QlpIUEstUEROWE0tS0RKTUotQU9aWVktV0lBRkQ=","format":"encoded"},"0":200}DESKTOP-9ED3FBN:~ root#

  • search with DuckDuckGo in Tor for: “base64 decryptor”
  • choose: https://www.base64decode.org/
  • paste the above obtained hash: QlpIUEstUEROWE0tS0RKTUotQU9aWVktV0lBRkQ=
  • and you will get the invitation code: “BCHPK-PSNXM-KDJBJ-AOZYY-WEAFD”


Leave a comment

Your email address will not be published. Required fields are marked *