I originally wanted to set up my TryHackMe account and start doing some basic rooms this weekend, but apparently even setting up something meant for beginners can be a pain in the ass. Some stupid errors I had to deal with included VirtualBox errors from not installing extensions, an outdated VirtualBox version, and not knowing how to connect to the THM VPN because I didn't know I had to download the OpenVPN configuration file from inside my virtual machine - felt really stupid about that one, and by the time I got everything done I was more in the Apex Legends mood.
I'll feel really guilty if I don't do anything though, so I decided to do the invite challenge for Hack The Box. I had already made an account with them, but that was over a year ago and I had help and by now forgot everything.
Here's the invite page challenge you see when you load the page. If you open the console tab you're greeted with a jolly roger saying 'This page loads an interesting javascript file. See if you can find it :)'. Poking around in Sources there's a js file called inviteapi.min.js:
//This javascript code looks strange...is it obfuscated???
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(a)};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('0 3(){$.4({5:"6",7:"8",9:\'/b/c/d/e/f\',g:0(a){1.2(a)},h:0(a){1.2(a)}})}',18,18,'function|console|log|makeInviteCode|ajax|type|POST|dataType|json|url||api|invite|how|to|generate|success|error'.split('|'),0,{}))
The 'min' part of the filename reminds me of something called minifying, which as far as I know just compresses code. Unminifying the code however doesn't really do anything but add indents, so it's still this weird function(p,a,c,k,e,r) thingy. Some further googling and I find out that it's not minified but packed, which according to this uses Base62 magic to remap the source code. Donno how that works, and luckily I don't have to because there's also a javascript unpacker tool which turns the above into the following:
function makeInviteCode() {
    $.ajax({
        type: "POST",
        dataType: "json",
        url: '/api/invite/how/to/generate',
        success: function (a) {
            console.log(a)
        },
        error: function (a) {
            console.log(a)
        }
    })
}
The makeInviteCode() function is interesting, so that goes into the console, which outputs the following:
data: "Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr"
enctype: "ROT13"
ROT13 is just a very basic cipher that maps A->N, B->O and so on, and luckily some helpful guy made a tool for that too:
In order to generate the invite code, make a POST request to /api/invite/generate
I don't feel like installing a wholeass extension just to do this. Luckily from Firefox, you can hit Ctrl-Shift-E to bring up the network monitor. Select any entry from the list and there's an option to edit and resend on the top right. From there use POST for the method, hackthebox.eu/api/invite/generate for the URL. I don't know what the request headers and body are (still don't know web basics lol) so I leave them as they are. I send and get a 403 response back. Click and there's a code ending in '=', which means it's probably base64. Using yet another decoding tool (thanks guys) you get the final invite code.
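The three decoding layers above (packed JavaScript, ROT13, base64) can also be undone offline with Node, without eval() or online tools. This is an added example, not code from the original post or from Hack The Box; it goes slightly beyond the page by handling the packer's base-62 digit alphabet as well as the radix 18 used here, and `SAMPLE_B64` is a constructed stand-in, not a real invite code.

```javascript
// Static decoders for the three layers in this post. Nothing is eval()'d.

// Index -> token, using the packer's digit alphabet 0-9, a-z, A-Z.
function encode(n, radix) {
  const head = n < radix ? '' : encode(Math.floor(n / radix), radix);
  const digit = n % radix;
  return head + (digit > 35 ? String.fromCharCode(digit + 29) : digit.toString(36));
}

// p = template, a = radix, c = word count, k = dictionary
// (the four leading arguments of the packed call).
function unpack(p, a, c, k) {
  const words = new Map();
  for (let i = 0; i < c; i++) {
    const token = encode(i, a);
    words.set(token, k[i] || token); // empty slot: token is a literal (here `a`)
  }
  // One pass over every word-like token; unknown tokens stay untouched.
  return p.replace(/\b\w+\b/g, (t) => (words.has(t) ? words.get(t) : t));
}

// Rotate each ASCII letter 13 places, keeping case and punctuation.
function rot13(s) {
  return s.replace(/[a-z]/gi, (ch) => {
    const base = ch <= 'Z' ? 65 : 97;
    return String.fromCharCode(((ch.charCodeAt(0) - base + 13) % 26) + base);
  });
}

function base64Decode(s) {
  return Buffer.from(s, 'base64').toString('utf8');
}

// Arguments copied from inviteapi.min.js as quoted in the post.
const P = '0 3(){$.4({5:"6",7:"8",9:\'/b/c/d/e/f\',g:0(a){1.2(a)},h:0(a){1.2(a)}})}';
const K = ('function|console|log|makeInviteCode|ajax|type|POST|dataType|json|url|' +
  '|api|invite|how|to|generate|success|error').split('|');
// API response text quoted in the post.
const HINT = 'Va beqre gb trarengr gur vaivgr pbqr, znxr n CBFG erdhrfg gb /ncv/vaivgr/trarengr';
// Constructed stand-in for the base64 value; not a real invite code.
const SAMPLE_B64 = 'ZXhhbXBsZQ==';

console.log(unpack(P, 18, 18, K));
console.log(rot13(HINT));
console.log(base64Decode(SAMPLE_B64));
```

Reading the unpacked source as text before running anything is the safer habit with packed scripts, since the original wrapper hands its output straight to eval().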
Writing this out took more time than the actual work. But I guess doing even something small is better than nothing. My idea is that by writing consistent entries I can guilt myself into doing something even when I don't want to. I really do have to get back to thm and do something more substantial tho...