Hackthebox.gr Virtual Lab (FREE)

I started this thread for anyone else interested in pwning this network. if you’re able to get passed the log in page you will have access to the rest of the network.

I’m still trying to get passed the log in page myself. I just found out about this site. Feel free to join in on the discussion and post your feedback or tutorials here.


Interesting, Just took a look at it, so far so easy lol. The login box is a piece of cake. Perhaps you should check how it verify’s the codes :wink:

1 Like

That was actually a very nice tip :smiley:

1 Like

Lol. All this obfuscation and all you had to do was call a function

Took me about 30 minutes to figure that out. Should have been less.

never mind my previous comment… how does one create spoiler text?

[spoiler] Text to hide [/spoiler]

It isn’t that hard ^.^
Here’s how:

When we enter to register, we can see that it asks for invite-code…
Let’s see the source:

Uhmm… This one seems interesting, when we enter it we get:

Ohh obsfucated…
I’ll use jsbeautifier.org:

So, there are two functions, one to check, and to generate!
we’ll focus on the generate one…
So it creates a request of type POST to: https://www.hackthebox.gr/api/invite/generate
With this in Postfields: dataType=json
Awesome, let’s try to send a request like that and see the result…

We got code!
let’s decode that base64 :smiley:
And here we go, we got our registration code :slight_smile:

Hope it helped, if you got stuck in the registration of course!


Hi ,

I am not able to generate the code . I found the function and executed in the console. But it always gives me the error - ‘In order to generate the invite code, make a POST request to /api/invite/generate’

can any one help.

In the function its taking the url as ‘url: ‘/api/invite/how/to/generate’’ . But i am getting the error message as the above.

  • Use Hackbar ( a mozilla add-on ), which i think you will like…


Or, just a programming language… ( Javascript used as an example… )

function send_post(){
	var url = "https://www.hackthebox.gr/api/invite/generate";
	var postdata = {'dataType':'json'};
	var request = new XMLHttpRequest();
	request.open("POST", url, 1);
	request.onreadystatechange = function(){
		if( request.readyState == 4 ){
			var response = JSON.parse(request.responseText);
			var encrypted = response.data.code;
			var format = response.data.format;
			if( format == "encoded" ){
				var decrypted = atob(encrypted);
				var decrypted = encrypted;

Run it in console, and you will get your registration code :smile:!

1 Like

After to get access to hackthebox i saw some interesting challenges. If i get sucess in some i’ll to expose it here.

I think you should read the rules for members creating tutorials on exploiting machines in the network. It ain’t friendly :stuck_out_tongue_winking_eye:


Well look at that, Our sergeant is still alive!

It has been a while old friend. Where did you go?

1 Like

I’m always around watching you and watching them. A lot of personal work, busy revamping my old website and learning a lot so pretty occupied lately.

was easy , to crack the login haha but must try

Hostname: Popcorn

WalkThrough Video:


Compressed With Winrar

1 Like

I would strongly recommend uploading to YouTube, or Vimeo, or even to 0x0.st. So that people can stream it.

I Have a Bad Net 512 kb/s so if anyone can do that i’ll edit my post am so sorry !

I’m uploading it on vid.me because I don’t have Youtube and Vimeo doesn’t accept custom emails, I will edit this post when is done!

EDIT: @DamaneDz, there is the video: https://vid.me/wLa3


I’m glad to see so many people having fun with this. I know i am. I created this thread before i read the rules regarding discussing the lab. Too late now.

1 Like