Friendzone - HackTheBox

can someone pm me? i’m stuck at da*******.php . i found few things with wfuzz but no hint how to use them.

Enumerated, found some pages however stumped now. PM would be appreciated on the next

Type your comment> @ghostride said:

Been stuck in the same place since Saturday.

I have found the page with the pa**e=timesp parameter, and understand how the page works, and how it is exploitable.

I have also found two ways to upload files, using two different protocols. What I am stuck with now is where those files end up, and if they end up somewhere i can use them to exploit the vulnerability in the page

If someone has any non-spoiler hints, feel free to PM me :slight_smile:

Same here. I know how this exploit works. But I can´t figure out how to access the path. Pls any hint : /

Edit: Must have been something I was doing. Onto root!

In the same boat, i’m on haha, but i don’t know what to do to find the route to execute the exploit.

hiya. so had a little wobble on getting root. frigging knew what to do from first thought, but went off in some different direction. So ANYONE, feel free for some hints on first steps, it is only 20 point box and there’s more than one way to skin a cat!
Shell to root pointers, already been said, you’ll see something obvious, and like me you’ll dismiss it, lots of times. but think about it, what can you do? what do you need to check to see if you can do?

Type your comment> @Ishara1995 said:

guyz i found amn webpage in https. i used creds.txt on there after error comes page not dev… so what next bro. im struck on there

same here. what should i do?

Stuck on foothold. Managed to ‘put’ a file somewhere. I can see that something went wrong! I’m playing around with the pa****me para trying to access the file I ‘put’ there earlier. But no dice. Any hints?

@egotisticalSW i am in the same spot as you…

So ■■■■ keeps removing one of the pages :angry: Some of us are doing enum…

Type your comment> @egotisticalSW said:

Stuck on foothold. Managed to ‘put’ a file somewhere. I can see that something went wrong! I’m playing around with the pa****me para trying to access the file I ‘put’ there earlier. But no dice. Any hints?

I finally got it. If you still don´t know the path of your uploaded file, try to enumerate more the service where you uploaded the file. You can do this with a tool which you already used in the beginning. (Maybe also with other tools) I assume that you uploaded the file to the correct service ^^ If you enumerate enough, you will get all pathes.

Found the Test** **** ****tions ! page and stuck at it now. Although I know what it is but cannot find a way around. Can anyone help?

Hello everybody! Need some help on DNS enumeration…

Can someone give me nudge after Transfer ?

got the zlib file and decompressed , but have no idea to read it ,Am I in a rabbit hole?

Finally rooted this, learnt many new things from this .
If anyone want help feel free to PM me.

A little hint : “Get to the save zone”

:slight_smile:

@sesha569 carefully examine your nmap results.

Type your comment> @Dante055 said:

@sesha569 carefully examine your nmap results.

Thanks for your reply buddy. Got ride of that. Now at time*****p…

@sesha569 try including some files on the server

Type your comment> @xeto said:

Type your comment> @egotisticalSW said:

Stuck on foothold. Managed to ‘put’ a file somewhere. I can see that something went wrong! I’m playing around with the pa****me para trying to access the file I ‘put’ there earlier. But no dice. Any hints?

I finally got it. If you still don´t know the path of your uploaded file, try to enumerate more the service where you uploaded the file. You can do this with a tool which you already used in the beginning. (Maybe also with other tools) I assume that you uploaded the file to the correct service ^^ If you enumerate enough, you will get all pathes.

Thanks, finally got user.

Enumeration is key folks! Also my ‘go to’ reverse shell didn’t work, so I used another one from this page - Reverse Shell Cheat Sheet | pentestmonkey

Onto root!