Let's look at the code first.
When we access the URL
responsible for creating these functions, we get the following code:
eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\b'+e(c)+'\b','g'),k[c])}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}',24,24,'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'),0,{}))
This code is responsible for creating the functions below:
function verifyInviteCode(code) {
var formData = {
"code": code
};
$.ajax({
type: "POST",
dataType: "json",
data: formData,
url: '/api/invite/verify',
success: function(response) {
console.log(response)
},
error: function(response) {
console.log(response)
}
})
}
function makeInviteCode() {
$.ajax({
type: "POST",
dataType: "json",
url: '/api/invite/how/to/generate',
success: function(response) {
console.log(response)
},
error: function(response) {
console.log(response)
}
})
}
Now that we know the functions for generation and validation of tokens, we will call the function for generation, so just run the code below in the browser console:
makeInviteCode()
This function will return an object. This object contains:
-
status
return
- The% encrypted "%"
- And
token
which is how it was "encrypted"
These values are random, so you can get the value "encrypted" in enctype
, base64
etc.
Return Values
When I tested, I received a rot13 and a base64 .
rot13
is a method for encoding data for download on the Internet (MIME encoding for content transfer)
Since base64¹
is the rotation 13 times of a given letter of the alphabet, for example, if we take the letter rot13
and rotate 13 times, the value will be a
.
To transform these values, you can use sites like:
link link
Sending POST request
Now that we know what to do, let's capture our invitation. For this it is necessary to send a request of the POST type to the URL indicated in the step above.
For this we will use n
, for example:
let xhr = new XMLHttpRequest();
xhr.onload = function( e ){ console.log(e.target.response) }
xhr.open("POST", "/api/invite/generate")
xhr.send();
Ready! We got our code. Now we just decode the code in
XMLHttpRequest
and you can already register on the site.
Note: While helping to achieve this, it is fair that you always and always look on the internet. The "grace" to be discovering.
References:
¹ What is Base64 encoding?