
注册 Hack the box

流程

https://www.hackthebox.eu/invite

F12调出控制台

可疑js https://www.hackthebox.eu/js/inviteapi.min.js

解出

/**
 * Send an invite code to the site's verification endpoint and print the reply.
 *
 * Depends on a global `$` exposing a jQuery-style `ajax` method, so it is meant
 * to run inside the page (for example from the browser console).
 * Because this ships to every visitor's browser, the endpoint path is public
 * whether or not the script is minified; any real check has to happen server-side.
 *
 * @param {*} code - value posted as the `code` form field.
 * @returns {void} nothing is returned; the reply is only written to the console.
 */
function verifyInviteCode(code) {
  // Success and failure are treated the same way: print the first callback argument.
  const logReply = function (reply) {
    console.log(reply);
  };

  $.ajax({
    url: '/api/invite/verify',
    type: "POST",
    dataType: "json",
    data: { "code": code },
    success: logReply,
    error: logReply
  });
}
/**
 * POST to the "how to generate" endpoint and print whatever comes back.
 *
 * No request body is sent. Depends on a global `$` exposing a jQuery-style
 * `ajax` method, so it is meant to run inside the page.
 *
 * @returns {void} nothing is returned; the reply is only written to the console.
 */
function makeInviteCode() {
  // One handler serves both outcomes; each prints its first argument.
  const printReply = (reply) => {
    console.log(reply);
  };

  const request = {
    type: "POST",
    dataType: "json",
    url: '/api/invite/how/to/generate',
    success: printReply,
    error: printReply,
  };

  $.ajax(request);
}

// Run from the browser console on the invite page; the reply is printed there.
makeInviteCode();

返回值

{
data: "SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLCBtYWtlIGEgUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl",
enctype: "BASE64"
}

根据 enctype 字段的值(BASE64)对 data 解码得到明文。Base64 只是一种编码而不是加密,不需要任何密钥即可还原。

$echo -n "SW4gb3JkZXIgdG8gZ2VuZXJhdGUgdGhlIGludml0ZSBjb2RlLCBtYWtlIGEgUE9TVCByZXF1ZXN0IHRvIC9hcGkvaW52aXRlL2dlbmVyYXRl" |base64 --decode
In order to generate the invite code, make a POST request to /api/invite/generate

根据明文提示写函数

/**
 * POST to the invite-generation endpoint and print whatever comes back.
 *
 * No request body is sent. Depends on a global `$` exposing a jQuery-style
 * `ajax` method, so it is meant to run inside the page.
 *
 * @returns {void} nothing is returned; the reply is only written to the console.
 */
function makeInviteCode2() {
  // Both callbacks do the same thing, so share a single logger.
  function dump(reply) {
    console.log(reply);
  }

  const settings = { type: "POST", dataType: "json" };
  settings.url = '/api/invite/generate';
  settings.success = dump;
  settings.error = dump;

  $.ajax(settings);
}

执行函数 makeInviteCode2 得到返回的字符串(同样是 Base64 编码,并非真正的密文),对其解码即可得到邀请码

echo -n "{base64 stuff}" |base64 --decode
{XXXXX-XXXXX-XXXXX-XXXXX-XXXXX}

输入邀请码进行后面的注册流程

end

图解
