Hackthebox Vip Coupon Code


In Libman

Aug 5, 2024, 11:24:24 AM
to maisnowettor
Challenge Description: Having missed the flight as you walk down the street, a wild vending machine appears in your way. You check your pocket and there it is, yet another half torn voucher coupon to feed to the consumerism. You start wondering why should you buy things that you don't like with the money you don't have for the people you don't like. You're Jack's raging bile duct.

We can see a simple web application that appears to be a virtual vending machine interface. The interface includes a grid of options labeled with letters (A, B, C) and numbers (1 to 9), similar to the layout of a physical vending machine. Each option corresponds to a specific price, ranging from $0.15 to $13.37. The text "HTB Coupons Accepted! Insert coins below!" suggests that the application accepts some form of coupon or token for transactions.


The authentication is tied to session cookies set on initial visits. Specifically, the AuthMiddleware middleware checks the request for a session cookie. It then verifies there is a corresponding user session with that ID in the SQLite database.


To bypass this authentication, we can call the /api/reset endpoint. This resets the session cookie by clearing it from the response. Now when we make further requests, there will be no session cookie so the backend cannot verify the session. This allows us to make requests as an unauthenticated user and bypass the intended login flow.


I confirmed this by making requests in Burp Suite. A request to /api/reset returns a 200 OK response that removes the session cookie. Subsequent requests no longer contain the session cookie, and the API endpoints allow access without authentication.


I also tried fuzzing different prefixes besides "HTB_" but did not find any valid formats. After manually testing prefixes like "COUPON", it seems the application only accepts codes starting with "HTB_".


The key insight is that we can exploit an asynchronous race condition in the coupon redemption code to multiply our credits. Because the application uses async/await, the voucher verification steps run in parallel.


This allows us to rapidly send multiple parallel requests to redeem the same HTB_100 code before the application has updated the database to disable it. Each request verifies the coupon is valid and adds 1 credit, so 15 parallel requests give 15 credits from a single coupon code.


This challenge demonstrated how a logic flaw in implementing asynchronous voucher redemption allowed multiplying credits from one coupon. By combining coupon code fuzzing with an asyncio-based script to exploit the race, we could escalate 1 credit to 15+ and retrieve the flag by purchasing the target C8 item.




If you know of any Red Team training, or training that is close enough to be of benefit to Red Team operations, please drop me a line at redteamtrainingreviews @ redteamtrainingreviews.com and I will add it to this site. Not sure when I will get around to taking it, much less writing a review (both money and time are very tight at the moment), but at least I can have a placeholder for the future!


Things are going slowly for several reasons. First, I am building this site from scratch (using Notepad++ and some templates from ) so I am trying to figure out how to create web pages as I write my reviews. Secondly, I am taking all this training and it eats a lot of my free time.


Please don't think any of this came easily to me. It has taken years and years of hard work, constant learning and so many failures that it is barely believable. But one success can fill the void that a thousand failures have made. And I love to learn, so Penetration Testing / Red Team work is the perfect field. Let your failures teach you and always push forward.




I have made a lot of changes to various pages on this site. To some pages I added content, and to some pages I deleted content. I felt like I was rambling on some of the reviews (published and unpublished). I have been trying to organize my thoughts and create the main reviews in such a way that the reader can compare each class in a similar layout. I may go back and add my thoughts/ramblings as a sub-page to each course.


k>fivefour is starting 2024 out right. We are currently holding an RTAC class with updated materials to include new TTPs and BOFs. More really exciting stuff is in the works. RTJC will be updated soon with new TTPs. The "Masters" program is being worked as well. New environments are coming soon as well.


I also went through the RTFM Video Library videos and answered all the quizzes. The videos are pretty compact and full of good information, and the quizzes were good too. Got my challenge coin in the mail today as well as some other swag. Really cool stuff.


Some exciting news is coming soon. If not later this year, early next year. I need a little time to get some stuff done before I make a formal announcement. But it should be more fun than some simple training class reviews.


Lots of updates. First, I took the K>FiveFour Red Team Journeyman Course exam for the second time. Two days of testing and to say I am exhausted is an understatement. You don't have to have a technically challenging exam for it to be brutal.


Just signed up for Altered Security - AD CS Attacks for Red and Blue Teams Lab. I had already been doing a super massive deep dive into AD CS (some TryHackMe, some HackTheBox, Alh4zr3d's Demo/Teaser and much, much, more) so I expect this will just be icing on the cake.


And speaking of HackTheBox, I got another 50 pound gift card to the HackTheBox swag shop. Do I risk using it and paying another 12 pounds shipping to get stuff I didn't want and didn't order and then have to beg people to take, or do I save my 12 pounds and buy more training???


Got an e-mail from HackTheBox saying I had a discount code for 'Season 1 6-10'. I was like 21 so I don't know what that means. And all the e-mail says is to use the code at checkout. What is the code for? Which checkout? Why not take the time to explain more in the e-mail???


Sitting in on the K>FiveFour Red Team Journeyman Course for the next few weeks, as time permits. The training has changed since I first took the class. If I get a chance to take the exam next week, we will see if me having a few years more of red team experience helps me this go around.


Without going into the numerous reasons why... let me just say for the record that Hack The Box has lost all my respect (and I do not recommend placing an order with the Hack The Box Swag Shop ever!) I will probably cancel my subscription, that I have held since March of 2019, but I will make that decision a little closer to the end of my current subscription. And I may actually remove any review of their materials from this site.


Update 10 July 2023: Not as upset with HTB as I was that day, but it is going to take a lot of them getting stuff right before I will recommend them ever again. And the stuff that the Hack The Box Swag Shop shipped me (still don't recommend them based off mine and a large number of my friends' experiences), INSTEAD of what I ordered, has been donated as CTF prizes after everyone I offered them to refused them as well.


I had seen on Twitter a few weeks back (maybe a bit longer) about the TryHackMe Red Team Capstone Challenge. I remember seeing a lot of people not happy about things, but I didn't remember what they were because weeks had gone by and I wasn't very interested after reading the Tweets so I had purged it from my mind. A while later, a friend sent me a link and asked if I had done it. Having forgotten all the drama, I decided to look at it again.


I clicked the link and was told that you had to be a paying customer to access it. Ah, yeah, now I remember some of the chatter on Twitter. But $15 for a month is worth trying. "Well it is cheaper than other options", is what I thought. So I paid the $15.


That is when I noticed a 7 day streak was needed to join. Ugh. I now remember all the chatter about that. And I had a little knot of despair in the pit of my stomach. Oh well, I can wait 7 days and do a little something while I wait to get access. And as it turned out, I submitted a question, got a single day, and then a few hours later, I suddenly got a new day (guess the time zone difference.) So I wasn't as sad.


I did some easy rooms, and I really liked the layout. I just loved the double screen stuff. Maybe I missed some 'intro' class, so I did have a small learning curve on some of the things I worked on. I started the Red Team Track and was enjoying what I was going over (mostly just the intro stuff but it was pretty good.) Finally I hit the 7 day streak, stopped the red team track, and jumped in. I had 10 days to go. Which was really 9, but I could handle it.


And that is when the trouble started. I read all the info, jumped in, and started. It created me an email account, that didn't work, so I moved on to another box. Then I was working on that, and suddenly stuff stopped. I had been checking the page to make sure the lab didn't expire, and something happened and now nothing worked. I never hit the extend button because I had read to refresh the page first, which I had done and there was time left in the lab but nothing inside the lab worked. No web pages, nothing. So I logged off for the day.


The next day, I was working on stuff (my email worked the second day after I went into the portal and had it verify it), and suddenly the lab resets right in the middle of trying things. Yup, as luck would have it, the VPN box seemed dorked, or someone was dorking it, and people just kept spamming the reset button.


I did a little rage quit. Left the room and went to bed. Got up and joined again. Noticed that my network diagram had new IP ranges, and so I had to do a little work to change my payload loader so that it would work for the new range. Once I had my code changed, compiled, tested against A/V to make sure it didn't get caught, I started back on the challenge.
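
The coupon redemption race described in the challenge write-up earlier in this post, reduced to the check-then-act pattern behind it and shown beside an atomic claim that closes it. This is an added example, not part of the original post or the challenge's source; the in-memory store, the function names and the 5 ms delays are constructed stand-ins for the application's async SQLite calls.

```javascript
// Constructed stand-in for the app's database: one coupon, one credit counter.
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
const makeStore = () => ({ coupons: new Map([["HTB_100", { used: false }]]), credits: 0 });

// Each helper awaits once, the way a real async DB call yields to the event loop.
async function readCoupon(store, code) { await sleep(5); return store.coupons.get(code) || null; }
async function addCredit(store) { await sleep(5); store.credits += 1; }
async function markUsed(store, code) { await sleep(5); store.coupons.get(code).used = true; }

// Vulnerable shape: the validity check and the "mark as used" write are
// separated by awaits, so every in-flight request sees used === false.
async function redeemVulnerable(store, code) {
  const coupon = await readCoupon(store, code);   // check
  if (!coupon || coupon.used) return false;
  await addCredit(store);                         // act
  await markUsed(store, code);                    // invalidation arrives too late
  return true;
}

// Atomic claim: test and flip the flag in one step with no await in between.
// In SQL this is a single conditional statement such as
//   UPDATE coupons SET used = 1 WHERE code = ? AND used = 0
// (hypothetical table and column names) followed by a changed-row check.
async function claimCoupon(store, code) {
  await sleep(5);
  const coupon = store.coupons.get(code);
  if (!coupon || coupon.used) return 0;
  coupon.used = true;
  return 1; // number of rows changed
}

// Hardened shape: credit is granted only to the one request that won the claim.
async function redeemHardened(store, code) {
  if ((await claimCoupon(store, code)) !== 1) return false;
  await addCredit(store);
  return true;
}

// Fire `parallel` redemptions of the same code at once against a fresh store.
async function simulate(redeem, parallel = 15) {
  const store = makeStore();
  const results = await Promise.all(
    Array.from({ length: parallel }, () => redeem(store, "HTB_100")));
  return { accepted: results.filter(Boolean).length, credits: store.credits };
}

simulate(redeemVulnerable).then((r) => console.log("vulnerable:", r));
simulate(redeemHardened).then((r) => console.log("hardened:", r));
```

For detection, more than one successful redemption of the same code in the application log is the signal that the check and the invalidation are not atomic.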
