• browse to login page: https://www.hackthebox.eu/invite
  • inspect code using your browser – Command + Option + C (Mac)
  • identify the line:
  • type into the browser: https://www.hackthebox.eu/js/inviteapi.min.js and copy all the response code:
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d=k||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k)}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:”7″,5:”6″,b:\’/d/e/k/l/m\’,c:1(0){3.2(0)},f:1(0){3.2(0)}})}’,24,24,’response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify’.split(‘|’),0,{}))
  • using Tor Browser search in DuckDuckGo for: “javascript deobfuscator” choose this website: http://deobfuscatejavascript.com/ paste in the code above and press Deobfuscate button
  • as visible in the clear code function “makeInviteCode()” is to be used
  • browse back to: https://www.hackthebox.eu/invite and type in console: “makeInviteCode()”
  • you will get a reply like this, encoded with enctype: “ROT13”
Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr
  • search with DuckDuckGo in Tor for: “riot13 decoder” and choose website: https://rotencoder.com/
  • paste in the phrase above and it will be decrypted into: “In order to generate the invite code, make a POST request to /api/invite/generate”
  • open the terminal and type:
MacBookPro:~ root# curl -X POST https://www.hackthebox.eu/api/invite/generate {"success":1,"data":{"code":"QlpIUEstUEROWE0tS0RKTUotQU9aWVktV0lBRkQ=","format":"encoded"},"0":200}DESKTOP-9ED3FBN:~ root#
  • search with DuckDuckGo in Tor for: “base64 decryptor”
  • choose: https://www.base64decode.org/
  • paste the above obtained hash: QlpIUEstUEROWE0tS0RKTUotQU9aWVktV0lBRkQ=
  • and you will get the invitation code: “BCHPK-PSNXM-KDJBJ-AOZYY-WEAFD”

Leave a Reply

Your email address will not be published. Required fields are marked *