So you have decided to test your pen testing skills, hack the box is one of the best places to put your pen testing skills to practice. After browsing the hack the box web site you will find there is no registration page, that’s because you actually have to hack your way in, lets get started.
Go to https://www.hackthebox.eu/invite page, now right click on that page and click inspect.
Browse through the element tab until you see the script /js/inviteapi.min.js
After finding the invite script, lets view the script, open your browser and go to https://www.hackthebox.eu/js/inviteapi.min.js
Go back to the invite page, right click to inspect, navigate to the console tab and paste/type makeInviteCode() and press enter to execute the script.
as we can see its encrypted using BASE64 encryption, we can find a BASE64 decryption site with a simple google search, this is the site we used https://www.base64decode.org. The decrypted message reads “In order to generate the invite code make a POST request to /api/invite/generate”
To make a POST request open up your terminal and using the curl command.
curl -XPOST https://www.hackthebox.eu/api/invite/generate
Yes we got the invite code, still not working? that’s because the code is also encrypted with BASE64, using the same processes we used earlier we can decode the invite code, once decoded enter the invite code into the hack the box website and proceed to create an account.