HackTheBox Lab – Invite Code Write-Up

A friend showed me this lab. I have just started solving the HTB Lab. And I will share the solvings step by step. The Lab has 20 machines that Linux and Windows. The registration that I had the most fun ever seen until now.

I will explain first challange: invite code.

First, you should invite yourself.

Actually, there is no one who sending the invite code. You should invite yourself. Search for inviting.

I found a hint in the javascript console. A skull was waiting me.

I was review the js files. Specially /js/inviteapi.min.js

  1. I typed this function name in console. And SUPRISE!

I decoded the data by base64.

  1. I prepared a POST request to /api/invite/generate.

I found a new code in JSON Response.

I decoded the new code by base64.

Shall we begin! To be continued.

-EOF-

July 5 2017