HackTheBox — How I Got the Invite Code of HackTheBox
HackTheBox is an online platform for learning hacking concepts in the form of challenges. I came to know about HackTheBox from LinkedIn. Though there are multiple online platforms like HackTheBox, one thing that caught my attention is, to create the account we need to have Invite code and that has to achieve by digging into the website’s source code.
Yes, as a beginner I also had to take the help of the internet and I got the blog of the Brain Obilo likewise I also tried the same and got the Invite Code. Let's begin with the steps I have performed while finding the Invite Code.
Step 1: Visit the Official website of HackTheBox
Go to https://www.hackthebox.eu/ at this time the homepage looks like this, but if this changes then it's okay not to worry.
Step 2: Route to Invite Challenge Page
You need to click on the Join Now button on the Right Side of the window and you will get the invite page on which we need to enter the Invite Code after that our account will get created.
Step 3: Open Developer Mode in Browser
Here I was using Chrome Browser, hence you may Right Click on the webpage and click on Inspect or simply press Ctrl+Shift+I to enter in Developer Mode.
Step 4: Get to know about Developer Mode
Before we begin to actual steps, here I request you to first try it by own and try exploring the options and tabs in Developer Mode. Here I found a diagram of Skull on the Console tab and the message KEEP CALM AND HACK THIS BOX. Also, you will find the message below the skull “This page loads an interesting javascript file. See if you can find it :)”.
Hence, I started digging on and found javascripts under the Sources tab with folder name “js” with 3 scripts inside it and found inviteapi.min.js where they have commented “//This javascript code looks strange…is it obfuscated???”. Hence I copied all the script and paste it into notepad but that doesn’t help.
Step 5: Locating Inviteapi in URL
You may enter the script name after the main URL for e.g https://www.hackthebox.eu/js/calm.js or https://www.hackthebox.eu/js/inviteapi.min.js but here we have to use a second URL /js/inviteapi.min.js in another tab and need to find makeInviteCode.
Step 6: Calling the makeInviteCode function
Now, again get back to the main developer mode tab and go to the Console tab and type down the makeInviteCode() “Highlighted in yellow in Fig. 6” and press Enter. Later you will find the {0:200, Success:…} message, expand and copy the message from “data:”, which is “Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr”.
Step 7: Decode the message
As you have copied the message besides that you will find enctype as ROT13, hence we need to decode in ROT13. Hence goto Google.com and find the ROT13 decode online. Here, I found rot13.com, paste the message, and observe the result.
Step 8: Make a POST request
As we have now decoded and found to generate the Invite Code we need to make a POST request. Here, I was using Windows OS hence open the command prompt and execute the below command “curl -XPOST https://www.hackthebox.eu/api/invite/generate”. If you are using another OS likewise you need to run this command on their terminal.
Once, you will execute the command you will get a response with another code in it. Copy that code, in above Fig. 9 find the code as “UkVHSk0tWUNBTVUtTkhYTVUtV1dPU0QtRUNLVlI=”
Step 9: Decode a POST request code
Now you have copied the code and now here we need to decode in Base64. Here the main question arises, Why to decode in Base64?. As we observe in the output padding “=” is added at the end, which is usually done in the Base64 encoding so that the length is multiple of four. Further, visit any Base64 decoding online. Here I have visited on base64org.
Enter the code that we got from the POST request and click on DECODE and here finally you will get your Invite Code.
Step 10: Enter the Invite Code
Now copy the invite code and enter it to https://www.hackthebox.eu/invite. Later you will receive the Congratulations Message if you still get an invalid invite error, then kindly copy the code properly.
Now Sign Up and start learning hacking.
ALL THE BEST