
What up guys, awakengaming here again with
another video.
So today we are going to be talking about
Hack The Box, and more specifically how to
defeat the invitation challenge.
So to get started I'm going to tell you guys
a little bit about Hack The Box.
Basically it's a platform that lets you VPN
into it.
Then it gives you access to multiple servers
that you can hack.
It's completely legal.
You can go all the way from the initial port
scan to detecting vulnerable services, getting
your initial foothold, and then pivoting
through lateral privilege as well as privilege
escalation.
Finally you get the two flags, the user flag
and the root flag.
You submit those, so it's kinda CTF-like, capture
the flag like, but um, so it's definitely more
lifelike than normal capture the flags are.
Anyway, so let's go ahead and get into this challenge.
Can I just take a second to say this website
is beautiful.
Look at the interaction between the mouse
and these little lines here, that's awesome.
Anyway, so we are going to want to come in
here and go to hackthebox.eu/invite. I'll leave
the link to that in the description so you
guys can find it easier.
You right-click and inspect.
We are looking for something that will give
us some sort of foothold here, so it will
probably be in one of these scripts here.
We can go through, that's Google Analytics.
This is front end min js, here is invite API,
let's look at that.

Yep, and this is it. And also there is this,
which is kinda like a decoy. They do like to
put decoys in quite a bit, so basically this,
when you go into the console it will print
this out, that's really all this is.
But anyway, we found this, and if we scan through
here to see if we see anything interesting
we see make invite code.
OK.
So this looks like JavaScript perhaps, so
if we come in here and we go to the console,
see, there is that.
Keep calm and then it says dev tools blah blah
blah.
So if we come in here and we try to type that
in we can um maybe interact with that API
and get something going here.
So let's try that out.

So if we make invite code and then we close
it off, because we think it's JavaScript since it's
in the JavaScript folder.
Press enter and we get a 200 OK success, and
if we drill down in here we get some weird
data looking stuff here.
And it identifies the encryption type here,
so if we go ahead and grab this by double
clicking it and Control-C, it says it's ROT13,
so if we
ROT13 decode, and this may be different for
you, they change the encryption type every
time, so you might get base64 or you might
get Brainfuck, might get ROT13, it just depends,
so you have to make sure you look at this
encryption type. So here is ROT13, so if we
paste that in, it says in order to generate
the invitation code you need to do a POST
request to https://www.hackthebox.eu/api/invite/generate
So there are a couple of ways to do this. If
you already have Kali Linux you can use Burp
Suite to do this, but we don't, so we are going
to do this in a console. And since we are
running Windows right now we are going to
do it in command prompt, or if you are using
a Linux device you can use the prompt there
as well.
So we are going to do a curl command on this,
and this does work in Windows, so curl -XPOST
https://www.hackthebox.eu/api/invite/generate
code and
we get this, we get a success and then we get
some code here as well, and this says that
it's encoded as well, and from the alphanumeric
state and it using an = sign to get it into
an even number we can tell this is base64,
so Control-C that.
Then we can go to a base64 decoder
and we can paste this in as well and
decode it, and here we get our invitation code,
so if we copy that, come back here and we paste
it in, we sign up. I have already signed
up, so it will take me to a different screen.
I'll open up an incognito window and show
you guys what you will land on. Go to invite
challenge, we paste our code in there, hit the
sign up, and it says Hack The Box, congratulations,
got it, it's telling you about cookies.
So then you input your username and password.
Press accept, you don't have to do the products
and services, and then register, and then it
will take you to this page. This is kind of
just like information, like how many machines
are currently active, how many people are online,
this is how many connections, response time.
This is a heat map, VPN origins, most everyone
is connecting from the USA, top teams.
It's a pretty good looking interface, but
um.

That will be it for this tutorial. If you guys
need any help, if I wasn't clear about something
or you get stuck on some part, please leave
that in the description and I'll help you
as best I can.
If you do like this content and want more,
we will be doing a how to install Kali Linux,
how to get that all set up along with your
VPN access and all that, so that we can begin
to actually hack some of these boxes. We will
be doing that in the next episode.
If you guys would like to return for that content,
please consider subscribing and ringing the
notification bell so that way you are notified
when I upload videos.
With that being said, thank you guys so much
for taking some of your time out of your day
to spend that with me, and I'll see you next
time.

