Getting Invitation on HackTheBox.gr
While surfing Twitter, I got the link https://www.hackthebox.gr/en, which says "
Hack The Box
An online platform to test and advance your skills in penetration testing and cyber security."
But for registration it says something like "After completing the registration process (if you manage to do so), " Oh! Something fishy, huh?
https://www.hackthebox.gr/en/invite
First rule: always check the source code, and so did I :D
https://www.hackthebox.gr/js/inviteapi.min.js
var _0x1f0f= ["\x50\x4F\x53\x54","\x6A\x73\x6F\x6E","\x2F\x6 .................. x1f0f[3]]
To see what the JS is saying, I just opened the console and typed _0x1f0f
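The same string table can be read without running the script at all. The block below is an added example, not code from the original post or from Hack The Box: it statically decodes a hex-escaped table like _0x1f0f and inlines its index lookups. The first two strings are the ones visible in the snippet above; the other two entries and the call that uses them are constructed for illustration.

```javascript
// Added example: statically decode an obfuscator-style string table
// and inline its index lookups, without executing the script.

// Constructed sample in the same shape as inviteapi.min.js. The first two
// entries are the ones visible on the page; the rest are made up.
const SAMPLE =
  'var _0x1f0f=["\\x50\\x4F\\x53\\x54","\\x6A\\x73\\x6F\\x6E",' +
  '"\\x2F\\x65\\x78\\x61\\x6D\\x70\\x6C\\x65","\\x61\\x6A\\x61\\x78"];' +
  '$[_0x1f0f[3]]({type:_0x1f0f[0],dataType:_0x1f0f[1],url:_0x1f0f[2]});';

// Turn \xNN and \uNNNN escapes into characters; leave other text alone.
function decodeEscapes(s) {
  return s.replace(/\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})/g,
    (_, h2, h4) => String.fromCharCode(parseInt(h2 || h4, 16)));
}

// Find `var NAME=["...", ...]` and return the table name and decoded entries.
function extractTable(src) {
  const m = /var\s+(_0x[0-9a-f]+)\s*=\s*\[((?:\s*"(?:[^"\\]|\\.)*"\s*,?)*)\]/i.exec(src);
  if (!m) return null;
  const strings = [];
  const lit = /"((?:[^"\\]|\\.)*)"/g;
  let e;
  while ((e = lit.exec(m[2])) !== null) strings.push(decodeEscapes(e[1]));
  return { name: m[1], strings, decl: m[0] };
}

// Replace NAME[i] lookups with the decoded literal so the code reads plainly.
// Out-of-range indexes are left untouched rather than guessed.
function inlineTable(src) {
  const t = extractTable(src);
  if (!t) return src;
  const body = src.replace(t.decl, '').replace(/^\s*;/, '');
  const ref = new RegExp(t.name + '\\[(\\d+)\\]', 'g');
  return body.replace(ref, (whole, i) =>
    Number(i) < t.strings.length ? JSON.stringify(t.strings[Number(i)]) : whole);
}

console.log(extractTable(SAMPLE).strings);
console.log(inlineTable(SAMPLE));
```

Because nothing is evaluated, this is safe to run over a script you do not trust yet.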
Light up that smoky Burp, intercept, then send to Repeater:
POST /api/invites/generate HTTP/1.1
Response:
HTTP/1.1 200 OK
Date: Mon, 15 May 2017 15:38:44 GMT
Content-Type: application/json
Connection: close
Vary: Accept-Encoding
Cache-Control: no-cache, private
X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
Strict-Transport-Security: max-age=63072000; includeSubdomains;
X-Frame-Options: DENY
Server: cloudflare-nginx
CF-RAY: 35f72f988a116fc0-SIN
Content-Length: 189
{"success":1,"data":{"code":"ATNCD-EOWAR-JAGFH-WAHHT-LBONN","used":0,"ip_address":"xxx.xxx.xxx.xxx","updated_at":"2017-05-15 18:38:44","created_at":"2017-05-15 18:38:44","id":2467},"0":200}
Enjoy !!!!
Stay hIGH :3
Stoner I see you have been naughty... ch4p here...
aye aye sir !
Two days fighting... ain't not able
twitter/st0n3r1337