Join hack the box | Hack the box invite code challenge 2020


What up guys awakengaming here again with
another video. So today we are going to be talking about
hack the box, and more specifically how to defeat the invitation challenge. So to get started i’m going to tell you guys
a little bit about hack the box. Basically it’s a platform that lets you VPN
into it. Then it give you access to multiple servers
that your can hack. It’s complacently legal. You can go all the way from the initial port
scan to detecting vulnerable services, getting your initial foot hold, and then pivoting
through lateral privilege as well as privilege escalation. Finally you get the two flags, the user flag
and the root flag. You submit those, so its kinda ctf like capture
the flag like but um so its definitely more life like than normal capture the flag are,
Anyway so let go ahead and get into this challenge. Can I just take a second to say this website
is beautiful. Look at the interaction between the mouse
and these little lines here that’s awesome. Anyway so we are going to want to come in
here and go to hackthebox.eu/invite i’ll leave the link to that in the description so you
guys can find it easier. You right click and inspect. We are looking for something that will give
us some sort of foothold here, so it will probably be in one of these scripts here. We can go through, that’s google analytics. This is front end min js, here is invite api,
lets look at that. Yep and this is it. and also there is this
which is kinda like a decoy they do like to put decoys in quite a bit, so basically this
when you go into the console it will print this out, that’s really all this is. But any way we found this and if we scan through
here to see if we see anything interesting we see make invite code. OK. So this looks like java script perhaps, so
if we come in here and we go to the console see there is that. Keep calm and then it says dev tools bla bla
bla. So if we come in here and we try to type that
in we can um maybe interact with that API and get something going here. So lets try that out. So if we make invite code and the we close
it off be we think its java script since its in the java script folder. Press enter and we get a 200 OK success and
if we drill down in here we get some weird data looking stuff here. And it identifies the encryption type here
so if we go ahead and grab this by double clicking it and control C it says its ROT
13 so if we. ROT13 decode and this maybe different for
you they change the encryption type every time so you might get base 64 or you might
get brain fuck might get ROT 13 it just depends so you have to make sure you look at this
encryption type so here is ROT 13, so if we past that in it says in order to generate
the invitation code you need to do a POST request to https://www.hackthebox.eu/api/invite/generate
so there are a couple of way to do this, if you already have kali linux you can use burp
suit to do this, but we don’t so we are going to do this in a console. and since we are
running windows right now we are going to do it in command prompt or if you are using
a linux device you can use the prompt there as well. so we are going to do a curl command on this
and this does work in windows, so curl -XPOST https://www.hackthebox.eu/api/invite/generate
code and we get this we get a success and then we get
some code here as well and this says that it’s encoded as well and from the alpha numeric
state and it using and=sign to get it into and even number we can tell the is base64
so control C that. then we can go to a base64 decoder base64
decoder and we can paste this in as well and decode it and here we get our invitation code,
so if we copy that come back here and we past it in we sign up i’m i have already signed
up so it will take me to a different screen. I’ll open up an incognito window and show
you guys what you will land on go to invite challenge we past our code in there hit the
sign up and it says hack the box congratulations got it its telling you about cookies. So then you input your user name and password. press accept you don’t have to the products
and services, and then register and then it will take you to this page this is kinda of
just like information like how many machine are currently active how many people are online
this is how many connection, response time. This is a heat map, vpn origins most every
one is connecting form the usa, top teams it’s a pretty good looking interface, but
um. That will be it for this tutorial,if you guys
need any help, if I wasn’t clear about something or you get stuck on some part please leave
that in the description and i’ll help you as best I can. If you do like this content and want more
we will be doing a how to install kali linux, how to get that all set up along with your
vpn access and all that so that we can begin to actually hack some of these boxes we will
be doing that in the next episode. If guys would like the return for that content
please consider subscribing and ringing the notification bell so that way you are notified
when I upload videos. With that being said thank you guys so much
for taking some of your time out of you day to spend that with me and i’ll see you next
time.

Leave a Reply

Your email address will not be published. Required fields are marked *