grimoire

personal wiki
git clone git://git.pyratebeard.net/grimoire.git

commit 963feaa502c831f043f3c3397d80bd6369812151
parent 79e67e4468a57c06a9fea971c4394d61a3291100
Author: pyratebeard <root@pyratebeard.net>
Date:   Fri, 10 May 2019 18:41:27 +0100

hackthebox project w/ first two tasks

Diffstat:
M Home.md | 1+
A projects/hackthebox.md | 50++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+), 0 deletions(-)

diff --git a/Home.md b/Home.md @@ -43,6 +43,7 @@ ## projects - [pyratenet](projects/pyratenet) - [startpage](projects/startpage) +- [hackthebox](projects/hackthebox) ## technology diff --git a/projects/hackthebox.md b/projects/hackthebox.md @@ -0,0 +1,50 @@ +# hack the box + +## invite code +url: https://www.hackthebox.eu/invite + +- inspect invite code input box element + - find script 'src="/js/inviteapi.min.js"' +- navigate to script url (https://www.hackthebox.eu/js/inviteapi.min.js) +- run 'makeInviteCode' function in browser console + - expand Object output + - decode data string (base64) + ``` + echo <string> | base64 -d - + ``` + - output gives '/api/invite/generate' +- use `curl` to send POST request + ``` + curl -X POST https://www.hackthebox.eu/api/invite/generate + ``` + - output gives us encoded code string +- decode code string + ``` + echo <string> | base64 -d - + ``` +- copy invite code into input box and submit + +## web +### lernaean (20 pts) +- open url:port provided from instance +- proxy page through burpsuite + - submit password to see response + - submit root is '/' + - response containse 'Invalid password!' string +- lernaean is the hydra from greek mythology +- hydra is a password bruteforce tool +- run a password list through hydra + ``` + hydra -l "" -P <pass_list> -s <port> -f docker.hackthebox.eu http-post-form "/:password=^PASS^:Invalid password\!" + ``` + - `-l` : user (blank as no username field) + - `-P` : password file (used common-passwords.txt first with no luck, success with rockyou.txt) + - `-s` : port + - `-f` : exit when creds found + - url (from instance) + - service + - root of submit, tell it to use passwords from file, login failed message (escape the !) +- once password is found submit in field +- this displays a new page +- check response in burp to find HTB flag +
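Review bot: in the `hydra` line of the new `projects/hackthebox.md`, the `\!` inside double quotes does not do what the "escape the !" remark intends: in bash the backslash is kept when `!` is escaped inside double quotes, so the failure string hydra receives is `Invalid password\!`, which is not the `Invalid password!` text the response actually contains, and hydra's http-post-form module treats a response that lacks the failure string as a successful login. Put the form spec in single quotes instead, e.g. `'/:password=^PASS^:Invalid password!'` (history expansion is not applied inside single quotes and is off in non-interactive shells anyway), or disable it with `set +H` before the command. Two wording nits in the same hunk: `containse` should be `contains`, and `submit root is '/'` reads more clearly as `form posts to '/'`.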