hack the box

invite code

inspect invite code input box element
- find script 'src="/js/inviteapi.min.js"'
navigate to script url (https://www.hackthebox.eu/js/inviteapi.min.js)
run 'makeInviteCode' function in browser console
- expand Object output
- decode data string (base64) echo <string> | base64 -d -
- output gives '/api/invite/generate'
use curl to send POST request curl -X POST https://www.hackthebox.eu/api/invite/generate
- output gives us encoded code string
decode code string echo <string> | base64 -d -
copy invite code into input box and submit

download zip file
unzip using password
following files extracted . ├── bro/ │ ├── conn.log │ ├── dns.log │ ├── files.log │ ├── http.log │ ├── packet_filter.log │ ├── ssl.log │ └── weird.log ├── bundle.pem ├── chalcap.pcapng └── secrets.log
open pcap file in wireshark

open url:port provided from instance
proxy page through burpsuite
- submit password to see response
  - submit root is '/'
  - response containse 'Invalid password!' string
lernaean is the hydra from greek mythology
hydra is a password bruteforce tool
run a password list through hydra hydra -l "" -P <pass_list> -s <port> -f docker.hackthebox.eu http-post-form "/:password=^PASS^:Invalid password\!"
- -l : user (blank as no username field)
- -P : password file (used common-passwords.txt first with no luck, success with rockyou.txt)
- -s : port
- -f : exit when creds found
- url (from instance)
- service
- root of submit, tell it to use passwords from file, login failed message (escape the !)
once password is found submit in field
this displays a new page
check response in burp to find HTB flag

download zip file
unzip a password protected pdf
use pdfcrack to bruteforce password pdfcrack -f 0ld\ is\ g0ld.pdf -w /path/to/rockyou.txt
open pdf with password
scroll to bottom and zoom in a lot to find morse code .-. .---- .--. ... .- -- ..- ...-- .-.. -- ----- .-. ... ...--
translate code R1PSAMU3LM0RS3
submit flag (wrap with HTB{})