Get an invite to Hack the box
There is a category of games or exercises for hackers called CTF ( Capture the flag; hunt for the flag ). One of the most famous sites in this category is Hack The Box. Wishing to try their skills, or rather for their additional leveling, it was decided to register there. But I got an unexpected situation when I need to write an invite ( invitation ) code in the input line .
Having realized that an invite should be looked for in the same place on the site, I decided first of all to delve into the source HTML code of the site which I did not succeed in, since There is no such choice in the menu by clicking RMB on the page, but there is a choice to explore the item. Choosing the study saw a curious detail
What was needed is inviteapi.min.js. Copying the link element went through it in the browser and saw another code
I outlined what we need at this stage. I switch to the Chromium browser for ease of use. By pressing F12 to work with the developer console I see such a picture
So I am on the right track, since I see such a "Easter egg". Scroll below the top of the input line to insert the previously highlighted words makeInviteCode (). Click the down arrow and see the cipher with the explanation that the message for us is encoded by the algorithm BASE64
Go to the website http://secundomer.ru/index.php?r=base64/encode/ insert the cipher for decoding and get a hint
"In order to generate the request code, make a POST request to / api / invite / generate"
Those. We need to add / api / invite / generate to our link Hack The Box , but using the POST method, i.e. Sending packages to this address does not occur in the address bar of the browser, but in the body of the site. We open the terminal and enter in it:
curl -XPOST https://www.hackthebox.eu/api/invite/generate
And we get the result - one more code:
UUpIVlktSEpJWFQtTE1HQVktQVRPQ1ctSEpGRVQ =
On the same site, insert it for decoding and get the code
QJHVY-HJIXT-LMGAY-ATOCW-HJFET - this is my invite.
Task completed. Code received! Now you can register.
Commentaires