First of all go to https://www.hackthebox.eu/invite page, the page who has only one text box with big huge SignUp button with creepy smile face.
Right click on the page and go to INSPECT ELEMENT or PAGE-SOURCE. In there we have to find "javascript" file that make our precious invite code. So i began to search under "invite" keyword and found javascript file called "/js/inviteapi.min.js".
So, the next thing we have to do is go to that javascript file and see if we can get any hint about generating invite code. You can simply view javascript code by modifying website url, https://www.hackthebox.eu/js/inviteapi.min.js
After carefully examine this javascript file, you can clearly see function called "MakeInviteCode()". The invite code generating using POST request. What we need to do is, call the function and grab that POST response.
So, now we know the function that generates InviteCode!! lets run it using "console" in "Inspect Element"
Inspect-Element of https://www.hackthebox.eu/invite |
After run the function in console, go to "Network tab". In there you can see POST request are appear. Go to response tab and see our code is there!!
Response received by calling "makeInviteCode()" function |
So, its seems like response data is encoded by base64.. lets decode and see what's in it.
Groovy.. After decoding, the repose message is look like this.
Well,What we waiting for?? lets send POST request to that URL then.. You can use RESTCLIENT plugin in firefox to send POST request.
Response |
well, finally.. Decode this response using base64 and you'll get your invite code!!.
Congratulations!! You successfully hack into the "HackTheBox". Now you can become a member of HackTheBox community!!
All Rights Reserved
Article By : Nisal Priyanka aka COD-HORA