Hack The Box


I attended CircleCityCon 7.0 because it was virtual this year and I've found a new area of interest - InfoSec. The community of white and gray hat hackers thrive on technology and puzzle solving which are passions of mine as well. The glimpse I've seen of this world has inspired me to explore more.

Enter hackthebox.eu: a service that hosts deliberately vulnerable machines and web applications for people to hack, so they can learn how a malicious attacker would find and exploit weaknesses in a real system. I haven't begun working through their challenges yet, so I'll have more to share on this in the future. I will try to provide write-ups for how I approached each server.

And this is the first write-up! It turns out that to even get to the user registration page, you have to solve a bit of a puzzle: you need to "hack" the invitation code page to get an invitation code. There are clues scattered about to help you do it, of course, but they don't make it too easy. You can start by hitting the hint button, which tells you to look at the console. So, if you're using Chrome, Brave or Firefox, hit F12 (or Ctrl+Shift+I) to pull up the web developer tools. In the console, you'll find a jolly roger with another clue...

This tells you to take a look at the JavaScript files the page loads (the Sources or Debugger tab lists them). Aha! One of the files has another clue on its first line: //This javascript code looks strange...is it obfuscated??? If you put this JavaScript through one of the online JavaScript deobfuscators, you'll find that it is simply a function wrapping an AJAX call; once deobfuscated, the HTTP method and the endpoint it talks to are plainly readable. You can then replay that request with a tool such as Postman or curl, or straight from the browser console with fetch, using the details from the deobfuscated call.

Alas, this doesn't provide the invite code, but instead another little puzzle. The response carries a base64-encoded string (the giveaway is an alphabet of only letters, digits, + and /, usually with trailing = padding). Decode it with your favorite CLI tool (base64 -d) or an online service. This FINALLY gives you the URL to use to fetch an invite code. Use Postman again and you've got the code! There's only one problem: it's encoded too. If it looks like the same kind of encoding as before, decode it the same way and you're done.
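The whole chain, replay the AJAX call, decode the base64 instruction, follow the URL it names, decode the code, is short enough to script. The following is an added example written for this post (it is not the author's code and not Hack The Box's API): the endpoint paths, the JSON field names (enctype, data, code), and the canned responses are all constructed here so the script runs offline against a mock fetch. In practice you would read the real method and URL from the deobfuscated AJAX call and pass the browser's or Node's global fetch instead of the mock.

```javascript
// Added example, not from the original post or from Hack The Box.
// Endpoint paths, JSON field names and sample responses are constructed
// for illustration; take the real ones from the deobfuscated AJAX call.

// Decode a base64 string to UTF-8, refusing input that is not base64 rather
// than silently returning garbage for a different encoding.
function decodeBase64(s) {
  const clean = String(s).trim();
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(clean) || clean.length % 4 !== 0) {
    throw new Error('not base64: ' + clean.slice(0, 20));
  }
  return Buffer.from(clean, 'base64').toString('utf8');
}

// ROT13, included as an assumption in case a later revision of the puzzle
// swaps encodings between steps (the post itself only mentions base64).
function rot13(s) {
  return String(s).replace(/[a-zA-Z]/g, (c) => {
    const base = c <= 'Z' ? 65 : 97;
    return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// Pick a decoder from an encoding label; an unknown label is an error, not a guess.
function decodeBy(enctype, payload) {
  switch (String(enctype || '').toLowerCase()) {
    case 'base64': return decodeBase64(payload);
    case 'rot13': return rot13(payload);
    case 'plain': case '': return String(payload);
    default: throw new Error('unknown encoding: ' + enctype);
  }
}

// Pull the next HTTP method and path out of a decoded instruction such as
// "...make a POST request to /some/path" (pattern is an assumption).
function parseNextStep(instruction) {
  const m = instruction.match(/(GET|POST)\s+request\s+to\s+(\S+)/i);
  if (!m) throw new Error('could not find next step in: ' + instruction);
  return { method: m[1].toUpperCase(), path: m[2] };
}

// Walk the chain: replay the call the obfuscated JS made, decode the
// instruction it returns, call the endpoint it names, decode the code.
async function fetchInviteCode(fetchImpl, baseUrl, firstPath, firstMethod = 'POST') {
  const r1 = await fetchImpl(baseUrl + firstPath, { method: firstMethod });
  const j1 = await r1.json();
  const next = parseNextStep(decodeBy(j1.enctype, j1.data));
  const r2 = await fetchImpl(baseUrl + next.path, { method: next.method });
  const j2 = await r2.json();
  return decodeBy(j2.enctype, j2.code);
}

// Minimal offline stand-in for fetch: routes keyed by "METHOD url".
function makeMockFetch(routes) {
  return async (url, opts = {}) => {
    const key = (opts.method || 'GET').toUpperCase() + ' ' + url;
    if (!(key in routes)) throw new Error('unexpected request: ' + key);
    return { ok: true, status: 200, json: async () => routes[key] };
  };
}

// Constructed sample data mirroring the two-step shape the post describes.
const BASE = 'https://example.invalid';
const INSTRUCTION = 'To generate the invite code, make a POST request to /api/step-two/generate';
const SAMPLE_CODE = 'EXAMPLE-INVITE-CODE';
const mockRoutes = {
  ['POST ' + BASE + '/api/step-one/how']: {
    enctype: 'base64', data: Buffer.from(INSTRUCTION).toString('base64'),
  },
  ['POST ' + BASE + '/api/step-two/generate']: {
    enctype: 'base64', code: Buffer.from(SAMPLE_CODE).toString('base64'),
  },
};

// Convenience entry point used both stand-alone and by tests.
function runMockFlow() {
  return fetchInviteCode(makeMockFetch(mockRoutes), BASE, '/api/step-one/how');
}

if (typeof require !== 'undefined' && require.main === module) {
  runMockFlow().then((code) => console.log('invite code:', code));
}
```

Swapping `makeMockFetch(mockRoutes)` for the real `fetch` (and the constructed paths for the ones you read out of the deobfuscated call) is the only change needed to run this against a live target; the strict base64 check in `decodeBase64` is what tells you, loudly, if the second step comes back in a different encoding than the first.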

WHEW and that was just getting in the door! This is gonna be a hoot!