Hack The Box-入门注册

邀请码获取

访问邀请码页面

https://www.hackthebox.eu/invite

查看hint后去console里看看。查看js文件

image-20210330135739126

把这一段复制下来js解密

本地起一个html用来解码

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<script> 
a=62; 
function encode() { 
 var code = document.getElementById('code').value; 
 code = code.replace(/[\r\n]+/g, ''); 
 code = code.replace(/'/g, "\\'"); 
 var tmp = code.match(/\b(\w+)\b/g); 
 tmp.sort(); 
 var dict = []; 
 var i, t = ''; 
 for(var i=0; i<tmp.length; i++) { 
   if(tmp[i] != t) dict.push(t = tmp[i]); 
 } 
 var len = dict.length; 
 var ch; 
 for(i=0; i<len; i++) { 
   ch = num(i); 
   code = code.replace(new RegExp('\\b'+dict[i]+'\\b','g'), ch); 
   if(ch == dict[i]) dict[i] = ''; 
 } 
 document.getElementById('code').value = "eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\\\b'+e(c)+'\\\\b','g'),k[c]);return p}(" 
   + "'"+code+"',"+a+","+len+",'"+ dict.join('|')+"'.split('|'),0,{}))"; 
} 

function num(c) { 
 return(c<a?'':num(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36)); 
} 

function run() { 
 eval(document.getElementById('code').value); 
} 

function decode() { 
 var code = document.getElementById('code').value; 
 code = code.replace(/^eval/, ''); 
 document.getElementById('code').value = eval(code); 
} 
</script> 


<textarea id=code cols=120 rows=20> 

</textarea> 
<input type=button onclick=encode() value=编码> 
<input type=button onclick=run() value=执行> 
<input type=button onclick=decode() value=解码>

得到解密后的代码

function makeInviteCode(){$.ajax({type:"POST",dataType:"json",url:'/api/invite/how/to/generate',success:function(a){console.log(a)},error:function(a){console.log(a)}})}

得知去访问/api/invite/how/to/generate并用post方法传

image-20210330140002752

ROT13解密这一段data

In order to generate the invite code, make a POST request to /api/invite/generate

再用post方法访问/api/invite/generate

image-20210330140124244

得到一段base64代码,解码后得到邀请码

image-20210330140146461

reCaptcha validation failed解决方法

获得邀请码后进去注册页面,但发现submit时会提示reCaptcha validation failed

如果遇到这个情况,则是因为谷歌验证加载不出来

用gooreplacer替换资源

image-20210330135431973

再次注册成功

posted @ 2021-03-30 14:07  LEOGG  阅读(1735)  评论(0编辑  收藏  举报