Now, to keep true to the HackTheBox spirit, I must ask that you only read this walkthrough afterwards, to compare notes. But regardless of your stance, here is my method.

Utilities needed: Kali VM, web browser, internet access, luck

The first thing I did was access the website https://hackthebox.eu/invite and press F12 (if you are using Chrome) to bring up the developer tools. From here, if we scroll down a bit, we notice the script https://www.hackthebox.eu/js/htb-fronted.min.js and right below that is /js/inviteapi.min.js. Curious, I decided to type in this path, so the link looked like this: https://www.hackthebox.eu/js/inviteapi.min.js

That link takes us to this page, and this is where I got a bit lost. At first it didn't make much sense to me until I thought about functions. My thought process was simple: the words between | must be functions.

I decided to test this theory with verifyInviteCode, because if I can just verify myself, I would not have to grab any type of code. However, knowing that the console will tab-complete any available function it finds, I soon realized that verifyInviteCode was not going to work. So instead I tried the makeInviteCode function, and two options arose: makeInviteCode and makeInviteCode(). I went back to the website https://hackthebox.eu/invite and tried out both. The first one gave me an error, but it did drop a hint letting me know that the second one does exist.

After running the function, a string of data appears that is encoded in Base64; thankfully I know of a website that can help. After copying the message and decoding it, I realize that I have to access another link.
From here I realize that I need to send a POST request to the following link in order to advance: https://hackthebox.eu/api/invite/generate. So I find this webpage that sends POST requests to help test websites. And success! The response is encoded in Base64, so I paste it into the website we used earlier and receive the invite code.

However, this process sadly fails. The reason is that the invite codes generated by the API that HackTheBox uses are unique to your IP address, meaning that sharing codes is not an option. A minor security tactic, but one I think is necessary. To overcome this we can quickly send a POST request using the wget tool in Kali Linux, and from here the code is received once again. After decoding the Base64 string, we arrive at our invite screen once again.

Success! We can now sign up and use HackTheBox.
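As an added example (not part of the original post and not HackTheBox's code): a minified script that ends in a `|`-separated word list is usually in the common p,a,c,k,e,d packer layout, and it can be rebuilt statically, without running it, to see which of those words are really declared functions. The sample script, `send`, and the `/example/...` paths are constructed for illustration, and the layout itself is an assumption about the file.

```javascript
// Constructed sample in the p,a,c,k,e,d layout; it is NOT the real HackTheBox script.
const SAMPLE = `eval(function(p,a,c,k,e,d){/* decoder omitted */}('0 1(){2 3("a","/4/5")}0 6(7){2 3("a","/4/8",7,9)}',62,11,'function|makeInviteCode|return|send|example|how|verifyInviteCode|code|verify||POST'.split('|'),0,{}))`;

// Captures: payload, numeric base, word count, '|'-joined dictionary.
const WRAPPER = /\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'((?:[^'\\]|\\.)*)'\.split\('\|'\)/;

// Convert a packer token (digits 0-9, a-z, A-Z, most significant first) to an index.
function tokenToIndex(token, base) {
  let n = 0;
  for (const ch of token) {
    const c = ch.charCodeAt(0);
    let d = -1;
    if (c >= 48 && c <= 57) d = c - 48;        // '0'-'9' -> 0-9
    else if (c >= 97 && c <= 122) d = c - 87;  // 'a'-'z' -> 10-35
    else if (c >= 65 && c <= 90) d = c - 29;   // 'A'-'Z' -> 36-61
    if (d < 0 || d >= base) return -1;         // e.g. '_' is not a packer digit
    n = n * base + d;
  }
  return n;
}

// Rebuild the source statically; the packed script is never passed to eval().
function unpack(packed) {
  const m = WRAPPER.exec(packed);
  if (!m) throw new Error('not a p,a,c,k,e,d wrapper');
  const payload = m[1].replace(/\\(['\\])/g, '$1'); // undo \' and \\ escapes
  const base = Number(m[2]);
  const words = m[4].split('|');
  if (words.length !== Number(m[3])) throw new Error('dictionary size mismatch');
  return payload.replace(/\b\w+\b/g, (token) => {
    const i = tokenToIndex(token, base);
    // An empty dictionary slot means the token is already the literal word.
    return i >= 0 && i < words.length && words[i] ? words[i] : token;
  });
}

// Of all dictionary words, only these are actually declared as functions.
function declaredFunctions(source) {
  return [...source.matchAll(/function\s+(\w+)/g)].map((m) => m[1]);
}

console.log(unpack(SAMPLE));
console.log(declaredFunctions(unpack(SAMPLE)));
```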