Hack The Box how to get in

by Rahul Gautam

HACK THE BOX

making an account for hack the box

what is hack the box?

Hack the box is a platform that provides different Pen-Testing Labs with different categories where you can use your skill to retrieve the hidden flag and solve the problem (basically a CTF).

Now,
Since hack the box is a Pen-Testing lab, making an account requires basic knowledge about web applications. Here are the steps to make an account for hack the box.

First,
go to the website https://www.hackthebox.eu/

You will see,

Continue with the individuals button that redirects you to, https://www.hackthebox.eu/individuals

Then,
scroll down until you find the Join button as shown in the image

Clicking the join button redirects you again to https://www.hackthebox.eu/invite

now you will see that the website asks you for an invite code as shown in the image

Now is where you might have no idea, you can see that it says
“Feel free to hack your way in :)”

How to hack your way in?
now, I will provide you with a solution for getting your own invite code.
First, Inspect the website (i.e. go to the inspect element)
you will get

now go to the Sources tab, you will get

now, you can find the js folder there, expand the folder and you will get

Hmmm, there is a JS file called inviteapi.min.js which seems like that it might contain some stuff

the source for the js seems to be at: https://www.hackthebox.eu/js/inviteapi.min.js

Visiting the url you can see,

here looking through the code, you can find different function in which makeInviteCode is one of them.
Now,
Go to the console tab in inspect element, you can see

now, scroll down and type in as shown in the figure

you will get a code in data and seems like its encrypted as BASE64

then go to https://gchq.github.io/CyberChef/ which is one of the best  debugging platform.

Copy your base64 code and paste it in the website selecting the From base64 option

put you base64 in input and get the output as in the figure

now, use curl in the terminal to go the site /api/invite/generate with POST method as shown in the figure,

sending the request, you will get your code,

now copy the code and decrypt the value again using the same process like we did before and you will get,(its in BASE64)

Copy the code in the output and place it in the invite,

use the invite code in the box that was prompted at the beginning,

you will get

Congratulations, all you need to do is scroll down and fill in the form

here you go now you can register and do the CTFs and challenges in the machine, I recommend you to go through all the stuffs in the beginning so you dont get hacked by your fellow members XD.