Pages

How to Hack "HACK THE BOX" website!!

The HackTheBox is an legal online platform allowing you to test your penetration testing or hacking skills. In order to SignUp to "HackTheBox" website, you have to hack into that website and get invite code. Since i am pretty much like challenges and hacking stuffs, today tutorial is all about how to break into "hackTheBox" site and get invite code.
  
First of all go to https://www.hackthebox.eu/invite page, the page who has only one text box with big huge SignUp button with creepy smile face.

Right click on the page and go to INSPECT ELEMENT or PAGE-SOURCE. In there we have to find "javascript" file that make our precious invite code. So i began to search  under "invite" keyword and found javascript file called "/js/inviteapi.min.js". 


So, the next thing we have to do is go to that javascript file and see if we can get any hint about generating invite code. You can simply view javascript code by modifying website url, https://www.hackthebox.eu/js/inviteapi.min.js


After carefully examine this javascript file, you can clearly see function called "MakeInviteCode()". The invite code generating using POST request. What we need to do is, call the function and grab that POST response.

So, now we know the function that generates InviteCode!! lets run it using "console" in "Inspect Element"

Inspect-Element of https://www.hackthebox.eu/invite

After run the function in console, go to "Network tab". In there you can see POST request are appear. Go to response tab and see our code is there!!




 
Response received by calling "makeInviteCode()" function

So, its seems like response data is encoded by base64.. lets decode and see what's in it.

Groovy.. After decoding, the repose message is look like this.


Well,What we waiting for?? lets send POST request to that URL then.. You can use RESTCLIENT plugin in firefox to send POST request.



Response

 well, finally.. Decode this response using base64 and you'll get your invite code!!.



Congratulations!!  You successfully hack into the "HackTheBox". Now you can become a member of HackTheBox community!!


All Rights Reserved
Article By : Nisal Priyanka aka COD-HORA 
 

CYBER SECURITY

Google Hacking Cheat Sheet

SQL Injection Cheat Sheet

PROXY CHAIN - evade detection when hacking

DOS attacks ( simple explanation )

How to implement Cross-site Request Forgery protection in web applications via Synchronizer Token Patterns.

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. There are many ways in which a malicious website can transmit such commands; specially-crafted image tags, hidden forms, and JavaScript XMLHttpRequests, for example, can all work without the user's interaction or even knowledge. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. [Wikipedia]

Passive Information Gathering - Online Hacking tools



Google Hacking  

Locate security vulnerabilities on the internet using search engines, such as Google can called as Google hacking. We can identify Google Hacking as a passive information gathering techniques. Generally, there are two types of vulnerabilities we can found on the web: Software vulnerabilities and misconfigurations.

  For the example, imagine we need to gather information about hotels in United State. Most of the people that didn’t aware of Google Footprint Techniques do it like following,

How to insert images into database using JAVA SWING

Insert Images into any database using JAVA SWING APP

(Special Tutorial for beginners)

PART 1 - Basic handling of image