Thursday 9 July 2020

Hack The Box (invite challenge)

Spoiler: I recommend trying the challenge yourself first; read this only if you are still stuck after a considerable number of attempts.

step 1:

First we open the page that asks us for the invite code. In the Network tab of the Chrome or Firefox dev tools we can see that the page makes a request to https://www.hackthebox.eu/js/inviteapi.min.js

step 2:

Opening the JS file, we can see many things listed there; it is obfuscated JS code. Decoding the obfuscated code with an online JS beautifier, we get a function, makeInviteCode. We go back to the first page and enter makeInviteCode() in the console. Pressing Enter returns a message that is encrypted with the encryption type given alongside it. Decrypting the message with any online decrypter, we get: "In order to generate the invite code, make a POST request to /api/invite/generate"

step 3:

So we fire up Burp to modify our request. We turn on Intercept in the Proxy tab, open https://www.hackthebox.eu/api/invite/generate in the browser, change the HTTP request method to POST, and then go back to the web page, which shows the HTTP response containing a Base64-encoded string. Decoding it gives the invite code.

The same can be achieved without Burp by using the following command:


$ curl -X POST https://www.hackthebox.eu/api/invite/generate 

This prints the response in your terminal; decoding the Base64-encoded string then gives you the invite code.
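
The decoding in steps 2 and 3 can also be done locally instead of pasting values into an online decoder. The script below is an added example, not part of the original post. It assumes the encoding label is either ROT13 or BASE64 (assumed labels; the post only says the type is given alongside the message), and both sample inputs are constructed.

```bash
#!/usr/bin/env bash
# Added example: decode a payload locally, given the encoding label sent with it.
# ROT13 and BASE64 are assumed labels; the post does not name the encoding types.

decode_payload() {
    # $1 = encoding label (case-insensitive), $2 = encoded text
    local enctype
    enctype=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    case "$enctype" in
        ROT13)
            # ROT13 is its own inverse: rotate every letter by 13 places.
            printf '%s' "$2" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
            ;;
        BASE64)
            # Refuse empty input or characters outside the Base64 alphabet.
            case "$2" in
                *[!A-Za-z0-9+/=]*|'')
                    echo "not valid Base64" >&2
                    return 1
                    ;;
            esac
            printf '%s' "$2" | base64 -d
            ;;
        *)
            echo "unsupported encoding: $1" >&2
            return 2
            ;;
    esac
}

# Constructed sample: the sentence quoted in step 2, ROT13-encoded.
SAMPLE_HINT='Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr'
# Constructed sample: Base64 of the placeholder text "SAMPLE-CODE" (not a real invite code).
SAMPLE_CODE='U0FNUExFLUNPREU='

decode_payload ROT13 "$SAMPLE_HINT"; echo
decode_payload BASE64 "$SAMPLE_CODE"; echo
```

Neither scheme uses a key, so anyone who sees the response can reverse it the same way.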



happy hacking, :-)











