HacktheBox 邀请码挑战------can you hack the box?
Invite Challenge
can you hack the box?注册hackthebox的时候会让你输入hackthebox邀请码
F12调出开发者工具,发现一个名为inviteapi.min.js的文件比较像是破解关键
eval(function (p, a, c, k, e, d) {
e = function (c) {
return c.toString(36)
};
if (!''.replace(/^/, String)) {
while (c--) {
d[c.toString(a)] = k[c] || c.toString(a)
}
k = [
function (e) {
return d[e]
}
];
e = function () {
return '\\w+'
};
c = 1
};
while (c--) {
if (k[c]) {
p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c])
}
}
return p
}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}', 24, 24, 'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'), 0, {
}))
一看就很复杂是吗?解决不清楚的JS代码就是运行它,奥利给!!!运行一遍无回显,但不难发现程序最后return了p,一个小技巧就是在执行return前我们插入一句console.log(p);看看。参数p打印出来为
function verifyInviteCode(code) {
var formData = {
"code": code};
$.ajax({
type: "POST", dataType: "json", data: formData, url: '/api/invite/verify', success: function (response) {
console.log(response)
}, error: function (response) {
console.log(response)
}
})
}
function makeInviteCode() {
$.ajax({
type: "POST", dataType: "json", url: '/api/invite/how/to/generate', success: function (response) {
console.log(response)
}, error: function (response) {
console.log(response)
}
})
}
这段代码的意思就简单明了了,makeInviteCode()应该就是获取邀请码的函数。
F12 console口运行makeInviteCode()拿到一段base64编码的字符串
SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLCBtYWtlIGEgUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl
解码得到
In order to generate the invite code, make a POST request to /api/invite/generate
使用POST方法访问https://www.hackthebox.eu//api/invite/generate得到
{
"success":1,"data":{
"code":"VUlXQU4tVEFMSEstTllZWFUtVFhWREQtVUNFSFg=","format":"encoded"},"0":200}
很明显又是base64,解码得到邀请码
UIWAN-TALHK-NYYXU-TXVDD-UCEHX
实测每次获取的邀请码不一样,验证邀请码有效性有基于IP的判断,注册页面有个谷歌人机验证要能刷出来才能注册成功。