Har1743.github.io

This is my blogging website.



Hack The Box

What is HTB

Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.

How to get started with HTB

To join HTB, you first have to pass a test that checks whether you already have sufficient skills.
So to join HTB, we are given a task: enter the invite code.

How to get invite code

This is the tricky part: we don’t have an invite code, so what can we do now?

The answer is that we have to fuzz the website and enumerate it for the invite code.

Let’s go

First, go to the official HTB website.
https://www.hackthebox.eu

Then there is a Join Now page:
https://www.hackthebox.eu/invite

Now we are stuck, because we don’t have the invite code.
Let’s start enumerating the website.

Let’s open Inspect Element.

There we find a suspicious path: /js/inviteapi.min.js

Let’s check this path.
We are then taken to a page.

Let’s check its content.

Wait, we got something. There is a line:

'function|console|log|makeInviteCode|ajax|type|POST|dataType|json|url||api|invite|how|to|generate|success|error'

In this line, makeInviteCode looks suspicious. Let’s go back to the invite page and check what makeInviteCode does:
https://www.hackthebox.eu/invite

Open Inspect Element again, switch to the Console tab, type makeInviteCode() and press Enter.

Hey, we got something.
There is some data:

Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr

It is ROT13 encrypted.

Let’s decrypt this data. For that I prefer https://cryptii.com/pipes/rot13-decoder

After decrypting, we get the message: In order to generate the invite code, make a POST request to /api/invite/generate

Let’s make a POST request to https://www.hackthebox.eu/api/invite/generate
using:

curl -XPOST https://www.hackthebox.eu/api/invite/generate

We get a Base64 message:

VlJOTFUtRlRMTVMtTFNGRUotUFVPT0QtREJVTlE=

Let’s decode that message on https://www.base64decode.org/

We got our invite code

VRNLU-FTLMS-LSFEJ-PUOOD-DBUNQ
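
Both decoding steps above can also be done locally instead of on third-party sites, which also shows that ROT13 and Base64 are encodings anyone can reverse, not protection. This is an added example, not part of the original post; the function names and the invite-code format check (inferred from the one code shown on this page) are assumptions.

```javascript
// Added example: decode both layers from the walkthrough locally.
// The sample values are the ones shown on this page.

// ROT13: rotate each ASCII letter 13 places; other characters are unchanged.
function rot13(text) {
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97; // char code of 'A' or 'a'
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Strict Base64 decode: reject input that is not canonical, padded Base64
// instead of silently decoding garbage.
const BASE64_RE =
  /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;

function base64Decode(text) {
  if (!BASE64_RE.test(text)) {
    throw new Error('not valid Base64');
  }
  // atob exists in browsers and recent Node.js; Buffer is the Node.js fallback.
  return typeof atob === 'function'
    ? atob(text)
    : Buffer.from(text, 'base64').toString('latin1');
}

// Assumption: five dash-separated groups of five capital letters,
// inferred from the single invite code shown on this page.
const INVITE_SHAPE = /^[A-Z]{5}(?:-[A-Z]{5}){4}$/;

function decodeInvite(encoded) {
  const code = base64Decode(encoded);
  if (!INVITE_SHAPE.test(code)) {
    throw new Error('unexpected invite code format');
  }
  return code;
}

const hint = rot13(
  'Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr'
);
const invite = decodeInvite('VlJOTFUtRlRMTVMtTFNGRUotUFVPT0QtREJVTlE=');

console.log(hint);
console.log(invite);
```

The same functions work when pasted into the browser's Console tab, next to the makeInviteCode() call.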

Go to the invite page again and use this invite code there.

We are in

Now make your account.

HAPPY HACKING

Author : Hardik Chugh