Hack The Box – Tutorial 1: Invite Code

Posted bycybersabrinaPosted inHack The Box, TutorialsTags:, , , ,

Hack The Box is an online platform that allows penetration testing and serves as a hub for people involved in cyber security. With new machines and challenges released on a weekly basis, it is preferable to Hack This Site (Which is still worth your time! In fact, I will be making tutorials for both in parallel).

For the time being I plan on keeping the tutorials concise in order to avoid taking the fun out of the challenges. However, I may change my style with time if I decide that a different approach may be better.

  1. We start off by inspecting the website. Right click on the page and click inspect (Ctrl + Shift + I).
  2. Check the elements. We’re after one of the scripts. It’s the one with the source “/js/inviteapi.min.js”.
  3. Go to hackthebox.eu/js/inviteapi.min.js
  4. Anything catch your eye? Hopefully it’s “makeInviteCode”! That is what we need.
  5. Go back to the invite page and from there to Console (next to Elements).
  6. We want to see what this function contains. Type makeInviteCode() and hit Enter.
  7. Expand the data. You should get a line of encrypted data and the encryption method. Mine was ROT13, a simple shift cipher. Yours may be different.
  8. Decrypt the data. ROT13 is when you encrypt the data by rotating each letter by 13 in the alphabet. So ‘V’, the first letter of our data, becomes ‘I’. If you don’t already know how to do this, I recommend doing it by hand. Otherwise you can use a website to do it for you. In either case, if you are craving some coding practice on the side you could always make your own decrypion program for this. We are asked to make a POST request to hackthebox.eu/api/invite/generate.
  9. Now we need a terminal! Make your request by typing: curl -XPOST https://www.hackthebox.eu/api/invite/generate
  10. You should see the code, and that it is encoded. Once you decode it, you will have your invite code.
  11. The encoding is in Base64. Here is a decoder you can use for this.
  12. Your code should be five groups of five uppercase letters separated by hyphens. Pop it in on the invite page.

Welcome to the community!

Leave a comment

Design a site like this with WordPress.com
Get started