HackTheBox Invite Code Tutorial
HackTheBox is an online platform to test and advance your skills in penetration testing and cyber security. Join today and start training in their online labs.
Resources & Tools:
https://www.hackthebox.eu/invite
Step 1.
Go to https://www.hackthebox.eu/invite in Chrome and press Ctrl + Shift + I to open DevTools.
In the Elements tab, review the code and find,
<script defer="" src="/js/inviteapi.min.js"></script>
Copy the .js link address, and go to it.
Step 2.
Review the https://www.hackthebox.eu/js/inviteapi.min.js website.
Notice,” makeInviteCode”. Copy that text and go back to the invite website.
Step 3.
In DevTools, click the Console tab which is located beside the Elements tab.
Type: makeInviteCode() and press enter.
Click the arrow next to: {0: 200, success: 1, data: {…}}
Also, note the string of characters after “data:”
Click the arrow next to: {data: ………..
(This part may be different for you, but the process will be similar)
Also, notice enctype: “ROT13”.
ROT13 indicates how to decipher the string of characters after “data:”
Copy the string of characters after “data:”
For me, it’s: Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb
/ncv/vaivgr/trarengr
Step 4.
Go to: https://rot13.com/
Paste the string of characters and it’ll decode the message:
“In order to generate the invite code, make a POST request to /api/invite/generate”.
Step 5.
Make a POST request by opening terminal (Command Prompt).
Type: curl -XPOST https://www.hackthebox.eu/api/invite/generate
Review results.
Copy the string of characters after: {:code”: ………………….
For me it’s: V1hISkwtV0xIWEItUU5YVFgtTlFEVkwtU1BKUFc=
Step 6.
In this step, we’ll use a different decoder.
Go to: https://www.base64decode.org and paste the string of characters from the terminal.
Click the <DECODE> button.
Retrieve what seems to look like a serial number.
For me it’s: WXHJL-WLHXB-QNXTX-NQDVL-SPJPW
Step 7.
Go back to the sign up page.
Paste the code and click the “Sign Up” button.
Step 8.
Send me Bitcoins.
