Friendzone - HackTheBox

Finally rooted this, learnt many new things from this.
If anyone wants help, feel free to PM me.

A little hint: “Get to the save zone”

:slight_smile:

@sesha569 carefully examine your nmap results.

@Dante055 said:

@sesha569 carefully examine your nmap results.

Thanks for your reply buddy. Got rid of that. Now at time*****p…

@sesha569 try including some files on the server

@xeto said:

@egotisticalSW said:

Stuck on foothold. Managed to ‘put’ a file somewhere. I can see that something went wrong! I’m playing around with the pa****me para trying to access the file I ‘put’ there earlier. But no dice. Any hints?

I finally got it. If you still don’t know the path of your uploaded file, try to enumerate the service where you uploaded the file some more. You can do this with a tool which you already used in the beginning. (Maybe also with other tools.) I assume that you uploaded the file to the correct service ^^ If you enumerate enough, you will get all paths.

Thanks, finally got user.

Enumeration is key folks! Also my ‘go to’ reverse shell didn’t work, so I used another one from this page - Reverse Shell Cheat Sheet | pentestmonkey

Onto root!

Can someone please give me a hint on the “haha” page? I am trying to do something with the pagename param but getting nowhere. Also uploaded files over that https uploads page, but also nothing that I could use. Thanks!

@m1chaelsh1 said:

Got the zlib file and decompressed it, but have no idea how to read it. Am I in a rabbit hole?

Yes, it’s a rabbit hole.

Spoiler Removed

Off topic: that box is not so easy. If it was easy, we would have more user or root. People who found it easy, I would like to know if they got hints or not.

After a long time I decided to start over with HTB and thought a 20 point box should be perfect for a warm up. Help… after hours I am stuck after enumeration, this box is not so easy!

I did enumeration on a specific port (z*** tr******) and found a couple of interesting things BUT it’s all on the same address so… how do I differentiate between them?

NVM, I was being dumb :slight_smile:

@peek said:

Off topic: that box is not so easy. If it was easy, we would have more user or root. People who found it easy, I would like to know if they got hints or not.

I totally agree… having a mindset that this box is 20p will make you overlook many things.
Also, it definitely is not considered an easy box… or at least it should be rated with high difficulty as an easy box.

Finally got user! What a ride haha. Struggling now with root, am totally lost.

Wow, this box is driving me nuts! Found a put and various pages but really at a loss on where to go next. Feel like I’ve enumerated the ■■■■ out of it.

@bluealder said:

Finally got user! What a ride haha. Struggling now with root, am totally lost.

Same here, no clue about root.

As usual, enumeration is key. Make sure you have good documentation. Don’t miss simple things like “comments”. They are there for a reason, to provide hints or to draw your attention that it’s a rabbit hole.

Hi, can someone give me a hint what to fill in after pa******me=
A URL on a how-to would also be fine. Struggling for two days on this.

Stuck on ZzzZ****. Is it a rabbit hole?

R00ted! Thanks to @askar for this awesome box. Sometimes brainfuck but cool especially the way to get root.

Hint to get root: focus on the snake :wink:

@jvlavl said:

Hi, can someone give me a hint what to fill in after pa******me=
A URL on a how-to would also be fine. Struggling for two days on this.

Found it