Hack The Box (invite challenge)

Hack The Box (invite challenge)

spoiler: i would recommend you to try the challenge yourself at first if you fail after  considerable times then only see this 

step 1:  

At first we open up the page which asks us for the invite code, using chrome or firefox dev tools in the network tab we can see that the page makes a request to https://www.hackthebox.eu/js/inviteapi.min.js  

step 2:

opening up the js file we can see many things listed there. It was obfuscated js code. Decoding the obfuscated code using a online jsbeautifier we get a function makeInviteCode. We open up the first page and in the cosole log enter the function makeInviteCode(). Passing that function and pressing enter would give you a return message which is  encrypted with the encryption type given alongside, decrypting the message using any online decrypter we get    ::   "In order to generate the invite code, make a POST request to /api/invite/generate" 

step 3:

Thus we fire up burp to modify our request, then turn on intercept in proxy tab then we open the page https://www.hackthebox.eu/api/invite/generate using our browser then modify the http request type to POST and then move to the web page revealing the http response gave us a Base64 encoded string, on decoding it we get the invite code 

the same could have been achieved without using burp use the following command 

$ curl -X POST https://www.hackthebox.eu/api/invite/generate 

this would reveal the response in your terminal then decoding the base64 encryption would give you the invite code

happy hacking, :-)