How to make a POST request on the browser console?

Viewed 1,030 times

0

Good night, you guys! I’m studying penetration tests on an attack-oriented study site. In order to register I have to "hack" the registration page. Basically I have to enter a function in the browser console and it automatically generates the code.

The code is this:

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}',24,24,'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'),0,{}))

I type makeInviteCode(); in the console and it returns me an encrypted string in Base64 that, when decrypted, gives the following message:

To generate the invitation code, make a POST request to /api/invite/generate

1 answer

1


Let’s look at the code first.

When we access the URL responsible for creating these functions, we get the following code:

eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}',24,24,'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'),0,{}))

This code is responsible for creating the functions below:

function verifyInviteCode(code) {
    var formData = {
        "code": code
    };
    $.ajax({
        type: "POST",
        dataType: "json",
        data: formData,
        url: '/api/invite/verify',
        success: function(response) {
            console.log(response)
        },
        error: function(response) {
            console.log(response)
        }
    })
}
function makeInviteCode() {
    $.ajax({
        type: "POST",
        dataType: "json",
        url: '/api/invite/how/to/generate',
        success: function(response) {
            console.log(response)
        },
        error: function(response) {
            console.log(response)
        }
    })
}

Now that we know the functions for generating and validating tokens, let’s call the generation function. To do this, just run the code below in the browser console:

makeInviteCode()

This function will return an object. This object contains:

  • The return status
  • The token "encrypted"
  • And the enctype, which is the way it was "encrypted"

These values are random, so you can receive the "encrypted" value in base64, rot13, etc.

Returned values

When I tested it, I got one rot13 and a Base64.

Base64¹ is a method for encoding data for internet transfer (MIME encoding for content transfer).

rot13, in turn, is the rotation of a given letter of the alphabet by 13 positions; for example, if we take the letter a and rotate it 13 times, the value will be n.

To transform these values, you can use websites such as:

http://www.rot13.com/
https://www.base64decode.org/

Sending a POST request

Now that we know what to do, we will capture our invitation. For this it is necessary to send a POST request to the URL indicated in the step above.

For this we will use XMLHttpRequest, for example:

let xhr = new XMLHttpRequest();
xhr.onload = function( e ){ console.log(e.target.response) }
xhr.open("POST", "/api/invite/generate")
xhr.send();

Done! We now have our code. Now just decode the code from Base64 and you can register on the site.

Note: Although this helps you get there, the fair thing is that you always, always search on the internet. The "fun" is in discovering.


References:
¹ What is the encoding for in Base64?

  • Valdeir, thank you very much for your reply!

  • 1

    But I managed to solve this puzzle! I used an ajax request. When I requested the code, it gave me the code in Base64, and when I decoded it, I got the invitation serial. Despite your beautiful answer and explanation, I managed to find the answer myself. I was very happy to manage alone. But still, thank you very much!

  • 1

    @Sandsoncosta how good that it was before the answer. Here is a tip for a study site: https://security.stackexchange.com Happy studying!
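
Added example, not part of the original answer or of the site's code: the packed eval(function(p,a,c,k,e,d){...}) script discussed above can be read without executing it, by treating it as data and redoing the packer's dictionary substitution by hand. The helper names (extractPackedArgs, unpack, findEndpoints, analyze) are hypothetical, and the sketch assumes this packer layout with a radix of 36 or less.

```javascript
// Added example: statically unpack a Dean Edwards "p,a,c,k,e,d" script.
// The packed text is handled purely as data; eval() is never called.

// Argument tail of the packed script, copied from the page above.
const PACKED = String.raw`return p}('1 i(4){h 8={"4":4};$.9({a:"7",5:"6",g:8,b:\'/d/e/n\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}1 j(){$.9({a:"7",5:"6",b:\'/d/e/k/l/m\',c:1(0){3.2(0)},f:1(0){3.2(0)}})}',24,24,'response|function|log|console|code|dataType|json|POST|formData|ajax|type|url|success|api|invite|error|data|var|verifyInviteCode|makeInviteCode|how|to|generate|verify'.split('|'),0,{}))`;

// Pull payload, radix, word count and dictionary out of the call site.
function extractPackedArgs(source) {
  const re = /\}\('((?:[^'\\]|\\.)*)',(\d+),(\d+),'((?:[^'\\]|\\.)*)'\.split\('\|'\)/;
  const m = re.exec(source);
  if (!m) return null; // not this packer layout
  // Undo the string-literal escaping (\' \\ \n) around payload and word list.
  const unescape = (s) => s.replace(/\\(.)/g, (_, ch) => (ch === 'n' ? '\n' : ch));
  return {
    payload: unescape(m[1]),
    radix: Number(m[2]),
    count: Number(m[3]),
    words: unescape(m[4]).split('|'),
  };
}

// Replace every token with its dictionary word, as the packer's own loop does.
function unpack({ payload, radix, count, words }) {
  if (radix < 2 || radix > 36) throw new RangeError('only radix 2..36 is handled');
  const dict = new Map();
  for (let i = 0; i < count; i++) {
    const key = i.toString(radix);
    dict.set(key, words[i] || key); // an empty slot means the token stands for itself
  }
  return payload.replace(/\b\w+\b/g, (tok) => (dict.has(tok) ? dict.get(tok) : tok));
}

// List the endpoints the recovered code sends requests to.
function findEndpoints(code) {
  return Array.from(code.matchAll(/url:\s*'([^']+)'/g), (m) => m[1]);
}

function analyze(source) {
  const args = extractPackedArgs(source);
  if (!args) return null;
  const code = unpack(args);
  return { code, endpoints: findEndpoints(code) };
}

console.log(analyze(PACKED));
```

The recovered text matches the two functions shown in the answer, and the endpoint list is what a reviewer would check before letting a third-party script run.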
