HacktheBox 邀请码挑战------can you hack the box?
Invite Challenge
can you hack the box?注册hackthebox的时候会让你输入hackthebox邀请码
F12调出开发者工具,发现一个名为inviteapi.min.js的文件比较像是破解关键
eval(function (p, a, c, k, e, d) {e = function (c) {return c.toString(36)};if (!''.replace(/^/, String)) {while (c--) {d[c.toString(a)] = k[c] || c.toString(a)}k = [function (e) {return d[e]}];e = function () {return '\\w+'};c = 1};while (c--) {if (k[c]) {p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}', 24, 24, 'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'), 0, {}))
一看就很复杂是吗?解决不清楚的JS代码就是运行它,奥利给!!!运行一遍无回显,但不难发现程序最后return了p,一个小技巧就是在执行return前我们插入一句console.log(p);看看。参数p打印出来为
function verifyInviteCode(code) {var formData = { "code": code};$.ajax({type: "POST", dataType: "json", data: formData, url: '/api/invite/verify', success: function (response) {console.log(response)}, error: function (response) {console.log(response)}})}function makeInviteCode() {$.ajax({type: "POST", dataType: "json", url: '/api/invite/how/to/generate', success: function (response) {console.log(response)}, error: function (response) {console.log(response)}})}
这段代码的意思就简单明了了,makeInviteCode()应该就是获取邀请码的函数。
F12 console口运行makeInviteCode()拿到一段base64编码的字符串
SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLCBtYWtlIGEgUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl
解码得到
In order to generate the invite code, make a POST request to /api/invite/generate
使用POST方法访问https://www.hackthebox.eu//api/invite/generate得到
{ "success":1,"data":{ "code":"VUlXQU4tVEFMSEstTllZWFUtVFhWREQtVUNFSFg=","format":"encoded"},"0":200}
很明显又是base64,解码得到邀请码
UIWAN-TALHK-NYYXU-TXVDD-UCEHX
实测每次获取的邀请码不一样,验证邀请码有效性有基于IP的判断,注册页面有个谷歌人机验证要能刷出来才能注册成功。
£神魔★判官ぃ
àì夳堔傛蜴生んèń
- 日理万妓
Bertha 。
不念不忘少年蓝@
还没有评论,来说两句吧...