Hack the Box Registration Challenge Walk Through | Solve in 5 Mins

April 11, 2019


Hackthebox is one of the best sites to test and improve your hacking skills, I personally joined it 5 days ago and it’s fun to complete challenges and crack the active boxes. I recommend beginners to buy VIP which costs 10 Euros, because VIP members can have access to retired machines which are rotated every week. 20 Retired machines are available every week and they are rotated based on voting’s and other stuff. Hack the box allows users to write write-ups for the retired machines. So, you can find tons of write-ups for the retired machines. So, it helps beginners in leaning and solving the active machines with ease.


Once you are familiar with the retired machines Enumeration and Privilege Escalation process, you can head ahead and start cracking the active machines. If you directly go and attack the active machines it’s going to be very hard to crack them, as you won’t get much of a support (excluding the support from forums). Also by going through various walkthroughs you can get different kinds of methodologies followed to enumerate something. My Suggestion is even after you crack a box on your own, go through other’s HTB walkthroughs and check if there is something new that you don’t know. You will always find something new always. So, let’s get ahead and go join the Hackthebox. This is for educational purpose only.



SPOILER AHEAD…. DO NOT READ, IF YOU WANT TO CRACK THE REGISTRATION PROCESS ON YOUR OWN




THIS IS MERELY CREATED FOR EDUCATIONAL & ETHICAL PURPOSE, AUTHOR IS NOT RESPONSIBLE FOR ANY ILLEGAL ACTIVITIES DONE BY THE VISITORS





HackTheBox.eu Registration Walk Through in 5 Mins


Step 1.  Go to https://www.hackthebox.eu/ ; scroll down and click on “Join

Step 2. You will be redirected to https://www.hackthebox.eu/invite ; here you need to make a way to get invite code to join hackthebox



Step 3. You need to do some reconnaissance now. First step to start a web pentest is always check the source code of all the connected files.Right click on your web browser and click on “Inspect” to view the details of the web page.


Step 4.    When I was going through the registration process few days ago it took me few minutes to know what to do. I was just going through all the source code and found something interesting i.e., JavaScript Files



Step 5. There are two JavaScript Files being used to run this page. Just go through those 2 javascript files.


Step 6.   After going through the JS Files, There are some functions available in inviteapi.min.js file. Out of all the functions, two of them seem interesting. But we just need only one. So, let’s run ‘makeInviteCode’ function. So, let’s try calling those functions.


Step 7.  Let’s move to console tab and run “makeInviteCode()” function. We got a 200 success code, which means it’s aliveJ.



Step 8. Let’s open the object our makeInviteCode() function returned. we can see the data in the object file. It also says it’s encrypted in “BASE64”.



Step 9.  So, let’s quickly move to some online Base64 Decoders and decode the data. It says “In order to generate the invite code, make a POST request to /api/invite/generate



Step 10. So, we need to make a post request to https://www.hackthebox.eu/api/invite/generate there are hell lot of ways to send a post request. Let’s go with the easier process using “POSTMANchrome browser widget or a windows application.


Step 11. Download and open the POSTMAN chrome extension or a widows native application. Then select “POST” and enter the address to where we need to generate a POST Request and click on “SEND



Step 12.  You can see the output of the post request below. As you can see its encoded again. When you see a single “=” or ‘==” its most likely “BASE64” Encoded.


Step 13. Copy the code from the postman output and again move to Online Base64 Decoder and decrypt it. That’s it. Now copy the decoded code and paste it into https://www.hackthebox.eu/invite and click “Sign Up



Step 14. Congratulations!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Banzaiiiii ….. This is what we are after. Register and enjoy.  If my post helped you give me some respect on HacktheBox. My Profile Name is ‘’WhiteVoid



Well, that’s it for my First Walkthrough on HackTheBox, I will come up with walkthroughs and tutorials on HackTheBox Retired Machines and Some Challenges. Hope you enjoyed this. If possible send me some respect on my HacktheBox Profile WhiteVoid   and Share this article with your friends and help them solve the challenges. 



=============     Hacking Don't Need Agreements     =============
Just Remember One Thing You Don't Need To Seek Anyone's  To Hack Anything Or Anyone As Long As It Is Ethical, This Is The Main Principle Of Hacking Dream
    Thank You for Reading My Post, I Hope It Will Be Useful For You

I Will Be Very Happy To Help You So For Queries or Any Problem Comment Below Or You Can Mail Me At Bhanu@HackingDream.net



By:
Bhanu Namikaze

Bhanu Namikaze is an Ethical Hacker, Security Analyst, Blogger, Web Developer and a Mechanical Engineer. He Enjoys writing articles, Blogging, Debugging Errors and Capture the Flags. Enjoy Learning; There is Nothing Like Absolute Defeat - Try and try until you Succeed.

No comments:

Post a Comment