There is a wealth of resources available to anyone willing to practice their newly acquired skill. Without them we won't be able to progress. The best thing about the resources in this field is that many are free and widely available. Besides an open source operating system (Kali, Parrot OS, etc.) at your disposal, there are platforms out there designed to help you become much better at what you are doing now. Practice makes perfect!
What I like most about this portal is the invitation to... hack your way in. You know these guys mean business when your first challenge is to gain access so you can practice your hacking jiu-jitsu. It is this moment that separates men from the boys (or women from the girls :). Your first "hacking" experience starts here!
I have noticed that in this field you need to be curious about everything you see in front of you. Let's look inside and see what we can learn.
Exploring further links, we discover code that looks like it might be responsible for invite code generation:
Output of the unpacked command we placed in the form:
Now, of course, I do not know the Java programming language well enough to know how to code (yet). When I looked at it for the first time, it was like reading a book in a foreign language. Gibberish at best! However, once you look at the code over and over again, you begin to see familiar keywords, then maybe some functions that point towards what the code is doing. Here we are looking for any clues that will reveal the invite code, and it seems like this part of the code can make it happen for us: function makeInviteCode().
We learn that we need to send a "POST" request to https://www.hackthebox.eu/api/invite/how/to/generate to generate the code. We can accomplish this task with curl.
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP).
Here we specify -X followed by the request method we got from the code, in this case POST.
curl -X POST https://www.hackthebox.eu/api/invite/how/to/generate
Output of the command:
In this HackTheBox challenge, as in many other situations, we will see that Base64 is used quite often.
Base64 encoding is a way of taking binary data and turning it into text so that it's more easily transmitted in things like e-mail and HTML form data. It is an encoding, not encryption: anyone can reverse it without a key, which is what base64 -d does below.
echo SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLCBtYWtlIGEgUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl | base64 -d
Will give us an output of:
curl -X POST https://www.hackthebox.eu/api/invite/generate
Output of the command:
We repeat the steps we did before:
echo T0lRTFctRktGVVEtSlNPQ1ctSU1OS1ktUkRYVkk= | base64 -d
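
The two decode steps above generalize to any response body. The following is an added example, not part of the original walkthrough: it pulls Base64-looking tokens out of a body and decodes those that turn out to be printable text, which shows why Base64 offers no confidentiality. The function name decode_b64_tokens and the JSON field names in the sample are assumptions; the two Base64 values are the ones from the commands above, and base64 -d is the same GNU coreutils call used there.

```shell
#!/bin/sh
# Constructed sample body. The JSON field names are made up for this
# example; the two Base64 values are the strings decoded in the walkthrough.
sample_body='{"data":"SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLCBtYWtlIGEgUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl","code":"T0lRTFctRktGVVEtSlNPQ1ctSU1OS1ktUkRYVkk=","status":200}'

# decode_b64_tokens BODY
# Prints "token<TAB>decoded text" for every run of 16+ Base64 characters
# that has a valid length and decodes to printable ASCII only.
decode_b64_tokens() {
    printf '%s\n' "$1" |
    grep -oE '[A-Za-z0-9+/]{16,}={0,2}' |
    while IFS= read -r token; do
        # Padded Base64 always has a length divisible by 4.
        [ $(( ${#token} % 4 )) -eq 0 ] || continue
        # Count decoded bytes that are NOT printable ASCII; real binary
        # data (keys, images) is skipped instead of being dumped.
        nonprint=$(printf '%s' "$token" | base64 -d 2>/dev/null |
                   LC_ALL=C tr -d '[:print:]' | wc -c)
        [ "$nonprint" -eq 0 ] || continue
        # A failed decode produces no bytes above, so re-check the status.
        decoded=$(printf '%s' "$token" | base64 -d 2>/dev/null) || continue
        printf '%s\t%s\n' "$token" "$decoded"
    done
}

decode_b64_tokens "$sample_body"
```

Short identifiers, numbers and binary blobs are skipped, so only values that were readable text before encoding are reported.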