How to approach it ?
Hackthebox.eu doesn’t allow you to register. The only way to sign up is by having an insider to provide you with an invite code or hack your way in.
I don’t have someone to provide me an invite code so I have to hack me way in.
I see that the file makes an interesting post request makeInviteCode()
I run it on the console of inspect elements, and I was able to pull up some interesting data:
There is a string encoded on base64. By doing a google search of base64 to text, I end up at https://www.base64decode.org/ and was able to decode the string:
In order to generate the invite code, make a POST request to /api/invite/generate
That is great news. Now I need to send a POST request in order to generate an invite code.
On Firefox browser, I used the pentest add-on called hack bar to execute the post request.
As the following shows I got an error message: “Whoops something went wrong”
Now I do the post request:
Where we get the invite key but is encoded in base64:
Solution | Invite Code
Again I used the website to decode and get the following result.
And Uala, I’m in. Now I can finally register 😉
Tip: After filling out the form don’t look for a submit button, just hit ENTER