Enter Hack The Box

in #ethicalhacking, 6 years ago

Recently a friend of mine suggested that I start playing CTFs (Capture The Flag), so I started with "Hack The Box".
Hack The Box is basically a platform to test your skills in penetration testing.

In order to sign up, you have to crack the invite code.

01.png

Start with Inspect Element and analyze the page source.
You'll find a script at /js/inviteapi.min.js.

02.png

So now, go to https://www.hackthebox.eu/js/inviteapi.min.js. You will see a file like this:

03.png

This is the point where I got stuck, since I don't have that much of a hold on JavaScript. So I searched the web for further clarification.

I finally found a tool called jsbeautifier.

"JavaScript beautifier" is a tool to unpack or deobfuscate JavaScript and HTML.

04.png

You will see that there is a function named makeInviteCode().

This function actually makes/generates your required invite code.

Now make a POST request to the URL mentioned in the function (/api/invite/how/to/generate).

05.png

Observe that Base64 encoding is used. Base64 is an encoding, not encryption, so no key is needed: search online for a Base64 decoder and decode it.

07.png

Again, make a POST request, this time to /api/invite/generate.

06.png

Notice that it says format: encoded, so try the Base64 decoder again.

08.png

And voilà, you've got the invite code. Happy hunting!
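Why a plain decoder is all the last two steps need, shown as an added example that is not from the original post: Base64 is a keyless, reversible mapping, so the sketch below decodes it by hand, six bits per character. The response shape and the field names `success` and `code` are assumptions, and the sample value is constructed.

```javascript
// Added example, not from the original post. Standard Base64 alphabet (RFC 4648).
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';

// Shape check: length is a multiple of 4, alphabet only, at most two '=' at the end.
function looksLikeBase64(s) {
  return typeof s === 'string' && s.length > 0 && s.length % 4 === 0 &&
    /^[A-Za-z0-9+\/]+={0,2}$/.test(s);
}

// Decode by hand: each character carries 6 bits; emit a byte per 8 bits collected.
// No key is involved anywhere, which is why this is decoding, not decryption.
function decodeBase64(s) {
  if (!looksLikeBase64(s)) throw new Error('input is not valid Base64');
  const bytes = [];
  let acc = 0;
  let bits = 0;
  for (const ch of s.replace(/=+$/, '')) {
    acc = (acc << 6) | ALPHABET.indexOf(ch);
    bits += 6;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((acc >> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the leftover low bits
    }
  }
  return new TextDecoder().decode(Uint8Array.from(bytes));
}

// Constructed sample response. The field names `success` and `code` are
// assumptions; `format: "encoded"` is the hint the post mentions.
const sampleResponse = {
  success: 1,
  data: { code: 'RVhBTVBMRS1JTlZJVEUtQ09ERQ==', format: 'encoded' },
};

// Return the readable value, decoding only when the response says it is encoded.
function readInviteCode(response) {
  const { code, format } = response.data;
  return format === 'encoded' ? decodeBase64(code) : code;
}

console.log(readInviteCode(sampleResponse));
```

The same property is the lesson for anyone building such an API: a value that is only Base64-encoded on its way to the browser is readable by every client that receives it.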

Note: You won't always be able to capture the flag. There will be times when you get stuck, but that's the fun part of playing CTFs. You'll always learn something new.
