Learning platforms that will help you to stay sharp
There is wealth of resources available to anyone willing to practice their newly acquired skill. Without them we wont be able to progress. The best thing about the resources in this field is that many are free and widely available. Besides an open source operating system (Kali, Parrot OS etc) at your disposal there are platforms out there designed to help you become much better at what you are doing now. Practice makes perfect!
Hacking Training For The Best
Hack The Box
Joining page to Hack The Box
When a life gives you lemons grab a tequilla and some salt, this is going to be fun!
What I like most about this portal was an invitation to .. hack your way in. You know these guys mean business when your first challenge is to gain access so you can practice your hacking ju-itsu. It is this moment that separates men from the boys ( or women from the girls :). Your first "hacking" experience starts here!
I have noticed that in this field you need to be curious about everything you see in front of you. Let's look inside and see what we can learn.
Output of the unpacked command we placed in the form:
Now, of course I do not know java programming language well enough to know how to code (yet). When I looked at it for a first time, it was like reading a book in a foreign language. Gibberish at best! However, once you look at the code over and over again, you begin to see familiar keywords, then maybe some functions that point towards certain instructions of what the code is doing. Here we are looking for any clues that will reveal the Invite Code and it seems like this part of the code can make it happen for us: function makeInviteCode () .
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP).
In this case we specify -X and the request method we got from java code, in this case a POST request.
curl -X POST https://www.hackthebox.eu/api/invite/how/to/generate
Output of the command:
base64 encoded mystery
With this HackTheBox challenge as well as many other situations we are going to see Base64 is used quite often.
Base-64 encoding is a way of taking binary data and turning it into text so that it's more easily transmitted in things like e-mail and HTML form data.