" /> How to complete hack to the box sign up challange | Dinusha Tharindu
Post

How to complete hack to the box sign up challange

Posted Updated
By
3 min read

I think everyone knows about “hack the box” ( https://www.hackthebox.eu/). it’s a cool place to learn about cybersecurity. owners made It more attractive by adding challenges to resolve. simply you have to hack the site in order to Sign up 😁 .  nice . 

Let see how we hack the signup page ( https://www.hackthebox.eu/invite )

    Been thank full to their Hint lets go to the Console page.  ( Right Click > Inspect )

If you looked for more, you can find more Hints hidden in the page source. Here’s a one. 

So the next hint is the page is loaded with Javascript so let’s find where it’s hidden. 

usually, the javascript file extension is “ . JS “ so now you know where to look. it seems we have a few but I’m particularly inserted in one script called “ inviteapi.min.js “.

Now we have the path to the Javascript so then let’s try to access it from the browser. ( it’s obviously a web directory ) it’s all about making the correct URL and the Path to the File.

So you will have something like this as the Full path. 

“https://www.hackthebox.eu/js/inviteapi.min.js”

Put it on any browser and hit enter , you’ll directly go into the script.

Its looks like this so it’s better if you can use a text editor like notepad++ to breakdown the script. 

Ok, now you have something like above, so look for the next hint. so assuming the above-highlighted text are functions I have searched that text name on the console search. 

Boom 😀. 

“makeInviteCode” responded with successful text so let’s recall the same function with Full correct syntax

“ makeInviteCode() “

Lalalala La 😀.  Ok, we have the full data set called by the function.

Look at the output carefully. 

We have a hint 😅 with encrypted data and the type of the method it encrypted.

Next is simple because we have “ Google God “ 😎.

Just simply Search “ BASE64 to Text online “ , and go for the first option and convert your encrypted text into Human-readable text.

I used “ https://cryptii.com/pipes/base64-to-text “ 

I got something like this. 

So the instructions are. 

“In order to generate the invite code, make a POST request to /api/invite/generate”

Ok , How we do it ? 😐😐

Just Google it. 

After a bit of research, I found that we can use the tool called “CURL”.

“curl is a tool to transfer data from or to a server, using one of the supported protocols.”

Look for the MAN page for more info.

https://curl.se/docs/manpage.html#-x

so as per the instructions we need to make a post request over the HTTPS to the mentioned URL.

Just go to CMD and type “ curl –help “ so we can have a bit of a glimpse.

after searching here and there, I came up with the command to make the post request. 

curl -X POST  https://www.hackthebox.eu/api/invite/generate

Open the command prompt or any other terminal and type the command and hit enter to get the invite code to generate. 

Here you go 😃. we have the code but it also encoded. 

same as before go for a google search to get the text decoded. 

Whoh 😍.. We have the invitation code now. use this code on the signup page to create your Hack the Box account. 

Happy Learning and Happy Hacking 😎

Blogging, hacking
blog hacking Growth IT industry
This post is licensed under CC BY 4.0 by the author.