For start to learn as Pentester, Hack The Box websites offering enough machines lab for remote access via VPN to begin the journey as Penetration Testing. In here, we will talk about how to register this sites and get access to the machines lab on Hack The Box.
Go to this link https://www.hackthebox.eu/register to register your email and password, after that, you will get notification error, you need to inject your invitation code before you start to register your account.
Click on here, and you will redirect to hack the box invite pages.
From this page, we will find how to get the invite code to use for register to the hack the box site. Used the development tools from your browser to inspect this page, right click from the browser, and select inspect. There are some interest link on this page code that will direct us to javascript code “inviteapi.min.js”, as shown below :
Now, we will try to access source link shown at inviteapi.min.js with url access to https://www.hackthebox.eu/js/inviteapi.min.js, this page will show to us some javascript code, some interest code in “makeInviteCode” can we see below :
Back to the hack the box invite page, still with inspect elements tools, go to console, and type on console the command “makeInviteCode()”, we will get return code 200 together with code on console.
We can see on the picture above, the code was encode used BASE64 encryption, some case, this code also return with another encryption type like ROT13. Now we must decode this code with BASE64 decoder online from the internet to get the real data, i choose to use BASE64 decoder from this site https://www.base64decode.org/, copy the code and paste the code to BASE64 decoder.
We can see the result from BASE64 decoder, as the return from the code, we need to request to the hack the box api to generate the code. We can use curl command or postman apps to do this, in here, i just used curl command to request the code.
We get the code, but its still encoded then. We will used BASE64 decoder more to decode this code like before, copy and paste the code to BASE64 decoder.
Use this code and paste to invitation code page, and we can continue the register process.
blackboot03.art.blog 
Leave a comment