Spoiler Alert : I suggest you to try to hack your way into the site, before actually reading anything below. If you fail after considerable tries or you want to know a method which may be different than yours, you can follow along below.

What is Hack The Box?

Hack The Box is an online platform that allows you to test and advance your skills in Penetration Testing and Cybersecurity. The platform contains assorted challenges that are continuously updated. Some of the challenges simulate real world situations/scenarios, while others are more like CTFs. Needless to say, Hack the box is beyond resourceful if you want to level up your cybersecurity skills; especially as a beginner.

 If you want to know more about Hack The Box platform, you can read my post “Hack The Box – Playground for Ethical Hacker”

How do you join Hack the box?

To join Hack the Box, you have to hack yourself in. Sounds intimidating right ? Don’t worry, this exhaustive article will take you through how to achieve the aforementioned. However, I highly recommend that you first try to hack yourself in (on your own), and only use this article as a guide in case you need help.

Let’s get started.

First, visit the official Hack the Box website. As you scroll down to read more information, you will eventually see a join button ; please click on it.

You’ll then be directed to https://www.hackthebox.eu/invite to join Hack The Box.

You can clearly see a text box asking us for an invite code. Right click on the page and choose the Inspect Element option. Alternatively, you can press Ctrl + Shift + I to open Chrome’s Developer tools.

Go through the Elements tab and you will eventually find a script with its source as /js/inviteapi.min.js.

Interesting, now visit https://www.hackthebox.eu/js/inviteapi.min.js and you will see a JS file like the one in the image below.

With this new information, we go back to https://www.hackthebox.eu/invite to try and find the contents of makeInviteCode

Go to the Console tab and type makeInviteCode() and then press Enter . You will get a 200 Success status and data as shown below:

In my case, the encoding type of the data was ROT13. Hack The Box also uses BASE64; therefore don’t fret if our encoding types are different.

It’s time to decode the message we have. Copy the contents of data and search online for a ROT13 decoder. In my case, I personally used Google search’s first result: https://rot13.com/

Fascinating!! In order to generate a valid Hack The Box Invite Code, we have to make a POST request to /api/invite/generate.

Fire up your terminal and make a POST request by typing:

Using powershell

PS> Invoke-WebRequest -Uri https://www.hackthebox.eu/api/invite/generate -Method POST

Using bash shell

$> curl -XPOST https://www.hackthebox.eu/api/invite/generate

We now have an invite code, but there’s a catch, it’s encoded. Let’s try decoding it by using https://www.base64decode.org/.

Finally, go back to https://www.hackthebox.eu/invite and paste the Invite Code you got into the text box and click on Sign Up.

OMG!! We got it!!!!!

Now, you can easily register as a user of Hack the Box.