Hack the box invitation challenge

Hack the box invitation challenge

Prabesh . Prabesh .

Prabesh .

Building Secure, Reliable & Resilient Distributed Systems | Docker Captain ??

发布日期: 2019年10月7日
+ 关注

In this short article I will show you how to perform basic CTF by hack-the-box.

In order to sign up for the website, there is a short invite challenge that you need to complete and get the invite code. When you first go the website and click invite challenge in URL

https://www.hackthebox.eu/invite

No alt text provided for this image


In order to sign up you need an invitation code which need to be found. If you right click and inspect element you can view the source page of the website. There you can see a JavaScript which included in website. Right click inspect, you can see there is a javascript called /js/inviteapi.min.js


No alt text provided for this image



Now if you copy /js/inviteapi.min.js and add it in the main url it. Go to https://www.hackthebox.eu/js/inviteapi.min.js

You will see following page. Now, again right click on it and inspect page, you will see something interesting.

 

No alt text provided for this image


There is a JavaScript function called makeInviteCode. If you try that function in this page it will not work. But if you go to the main page which is

https://www.hackthebox.eu/invite and run that function in console. You will see following.


 

No alt text provided for this image


 

No alt text provided for this image
No alt text provided for this image


Here, we can see data which is

Data: Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr\

Enctype: ROT13


This is not our invitation code, as we can see it is encrypted using ROT13. ROT13 stands for Rotation of Text 13 just Ceaser cipher where text is rotated by 13 characters.

You can decrypt it by going to following website and pasting the data.

https://rot13.com/

No alt text provided for this image


When you decrypt it, you are given message stating create a POST request to /api/invite/generate

Now, we modify the URL into following and perform POST request using CURL

https://www.hackthebox.eu/api/invite/generate

Which looks like this

No alt text provided for this image



After this we can see the code, but still we do not have the invitation code, as we can see its format is encoded.

SUxNQk8tVURGSE4tSUtKVlMtWk9GQkwtUUhCQ1c=

 

Format: encoded

From the encoding we can see that it is encoded using base64 encoding mechanism. How we know it,

Using following three ways:

1.      Length is multiple of 4 characters

2.      Every character is from A-Z, a-z, 0-9, +, /

3.      Padding at end is either 0,1 or 2 ‘=’ characters

In order to decrypt it, we go to following website and paste the code that we got from POST request.

https://www.base64decode.org/

 

When you run it you can see the code.

ILMBO-UDFHN-IKJVS-ZOFBL-QHBCW

Copy and paste the code into the main invitation URL which is

https://www.hackthebox.eu/invite

 

No alt text provided for this image

 


 You will be prompted with congratulation message and a sign-up page.


No alt text provided for this image

 

 

Note: If you want to bypass this hassle and just sign up, you can directly visit following URL. Above challenge is just for entertainment.

https://www.hackthebox.eu/register

 

Thanks

要查看或添加评论,请登录

Prabesh .的更多文章

  • Why should everyone in the team be involved in the recruitment process?
    2020年11月19日

    Why should everyone in the team be involved in the recruitment process?

    Hello everyone, I wanted to share some interesting things that happened to me in the workplace. I am sure this has…

    1 条评论
  • Why should you be honest in an IT interview?
    2020年8月17日

    Why should you be honest in an IT interview?

    I have faced this and most of you might have as well. Today, I wanted to share some learning experiences that I faced…

    5 条评论
  • What is container and what is docker?
    2020年8月8日

    What is container and what is docker?

    What is docker? It is a powerful tool which allows devops (system administrator, developers) to deploy application from…

  • Are docker containers secure by default?
    2020年8月8日

    Are docker containers secure by default?

    Short answer No, is it is not more secure by default. But, we can make container secure by implementing various…

  • Could not get lock /var/lib/dpgk/lock-front end
    2020年8月8日

    Could not get lock /var/lib/dpgk/lock-front end

    When you are new to Linux, you might bump into following error and can be frustrating if you don’t know what actually…

  • Find all the sleeping processes
    2020年8月8日

    Find all the sleeping processes

    Hello today, i am going to show you how you can find all the processes that are sleeping. First you need to see what…

  • kill -15 vs kill -9
    2020年7月23日

    kill -15 vs kill -9

    When we issue kill -15 which in Linux is called SIGTERM. A SIGTERM means termination signal.

  • Dissecting DIG command
    2020年2月25日

    Dissecting DIG command

    Dig stands for Domain Information Groper. As the name suggests it is used to grab information from DNS server.

  • Why "Systemd" outperformed "Init" ?
    2020年2月15日

    Why "Systemd" outperformed "Init" ?

    Before answering this question let me first give an overview what both of these mean. SysVinit: It is a Linux process…

    2 条评论
  • Special permissions (SetUID, SetGID, Stickybit)
    2020年1月26日

    Special permissions (SetUID, SetGID, Stickybit)

    Have you ever thought why normal user can issue passwd command even when user is not the owner of /usr/bin/passwd nor…

社区洞察

其他会员也浏览了