A friend showed me this lab. I have just started solving the HTB Lab. And I will share the solvings step by step. The Lab has 20 machines that Linux and Windows. The registration that I had the most fun ever seen until now.
I will explain first challange: invite code.
First, you should invite yourself.
- Actually, there is no one who sending the invite code. You should invite yourself. Search for inviting.
- I was review the js files. Specially /js/inviteapi.min.js
- I typed this function name in console. And SUPRISE!
- I decoded the data by base64.
- I prepared a POST request to /api/invite/generate.
- I found a new code in JSON Response.
- I decoded the new code by base64.
- Shall we begin!To be continued.