Hack The Box (invite challenge)
spoiler: i would recommend you to try the challenge
yourself at first if you fail after considerable times then only see
this
step 1:
At first we open up the page which asks us for the invite code, using
chrome or firefox dev tools in the network tab we can see that the page
makes a request to https://www.hackthebox.eu/js/inviteapi.min.js
step 2:
opening up the js file we can see many things listed there. It was obfuscated
js code. Decoding the obfuscated code using a online jsbeautifier we get a
function makeInviteCode. We open up the first page and in the cosole log enter
the function makeInviteCode(). Passing that function and pressing enter would
give you a return message which is encrypted with the encryption type
given alongside, decrypting the message using any online decrypter we
get :: "In order to generate the invite code, make a
POST request to /api/invite/generate"
step 3:
Thus we fire up burp to modify our request, then turn on intercept in proxy
tab then we open the page https://www.hackthebox.eu/api/invite/generate using our browser then modify the http request type to
POST and then move to the web page revealing the http response gave us a
Base64 encoded string, on decoding it we get the invite code
the same could have been achieved without using burp use the following
command
$ curl -X POST https://www.hackthebox.eu/api/invite/generate
this would reveal the response in your terminal then decoding the base64
encryption would give you the invite code
happy hacking, :-)
