Friendzone - HackTheBox

pm me pls…i m stuck at a point…need some help

Hi mates, have enumerated 53, see domains, edit my resolv.conf for new DNS server and cant get any of new domains. Is this supposed to be like this or just my PC issue?

Hi,

I identified the proper file to proceed with priv esc, but still getting an error when using it. Can someone give me a hand on this?

PP

Hey, Could someone PM for a nudge? Stuck with the ti****mp param and how it works.

Cheers!

Really liked this machine in regards all enumeration steps and how to link everything together. As the other folks already stated, enumeration is the key and from my perspective, it’s harder to get the user than the root

Stuck at dashboard/upload part…

can’t seem to figure out the upload dir nor what this timestamp has to do with it. Any PM/Hints would be appreciated :).

Type your comment> @Rucker said:

Hi mates, have enumerated 53, see domains, edit my resolv.conf for new DNS server and cant get any of new domains. Is this supposed to be like this or just my PC issue?

Same here! Yesterday it worked, and got the popcorn gif, but today i tried to access i got connection refused! :anguished:

Type your comment> @chojin said:

Stuck at dashboard/upload part…

can’t seem to figure out the upload dir nor what this timestamp has to do with it. Any PM/Hints would be appreciated :).

Same here! Need a nudge. Please PM me.

A bit stuck on the initial foothold on this one. I’m at the LFI step, but can’t seem to find the file I uploaded. Would someone PM me a nudge?

Edit: Got User. Still Struggling with Root

Edit 2: Rooted. PM if you need a nudge and special thanks to @EXC3L, @takeiteasy, and @BigDaddy for the assistance.

Darn… overlooked it 100 times. Got user… next up . root :slight_smile:

cannot put the d********.php clue and the upload function together. so stumped. if anyone has a minute for a pm i would appreciate it. i’ve done a lot of dns enumeration and tried uploading to another location too, still just not putting it together.

At last, rooted, privesc is by far more intuitive and realistic.
User is fine-ish, but some parts are just a bit too CTF for me, there’s some quesswork involved, but is managable. Most imporatantly don’t give up and don’t go too deep if you’re not sure that your approach is not a rabit hole, you’ll spare yourself some time.

If anyone needs help getting user/root feel free to PM me, happy to help.

Box was awesome, learned some new tricks and had a great couple of days figuring out things I overlooked to easy. Well created @askar !

chojinl

Usered without any hints from here. Easy.
Do not confirm that you cannot get root from www-data,
“Look Around” technique helped to get root from www-data.

Anyone about to go over some syntax ?

I can see exactly what has to be done, its obvious but I’m missing a slash or a question mark i believe

Edit - If an upload is too simple it wont register

I have also found two ways to upload files, using two different protocols.

Same boat.

Edit: Nevermind. Got it.

Initial Foothold

This machine is difficult because it leads to rabbit holes, the clues they give in some parts really did not help much, in fact those comments are traps for your brain! Hahaha

User

To start many users have said: Enumerate port 53, it helped me to see a video of a machine that makes the enumeration in the same port (In some parts of the thread they mention the tool)… Once you have it and you are on the Haha page it is not necessary to guess the things, look at the other “service”, list it, the creator put a comment that leads to the RCE and I did not see it, it was thanks to @dispareo that helped me.

Root

In the privesc I lost too much time doing stupid things … I got it thanks to this track, it’s too good:

@humurabbi said:
Rooted Successfully.
Hint for user: The only reason this machine is difficult is due to large number of rabbit holes. So the first you need to identify and dodge them. Look for the comments to identify them
For root: pspy can be helpful
Finally thanks to all the users for providing valuable hints in the forum. Without you, it would not be possible :slight_smile:

Hack the box

When you find the magic file do not think about it much, you have to read the book and scratch it carefully!

Please pm me, i can’t enumerate dns

Quite stuck on the box, I got the source code of (I guess?) the whole 3 websites, but can’t find any RCE. Feel like I miss something, doing my whole enumeration again but nothing is showing up at the moment.

EDIT : rooted.

Thanks a lot to @clmtn for helping me on user part, I was missing the “guessing” part to get RCE.

Took me 5mn to go from www-data to root. I confirm it is possible to do so without user.

Did not like quite much the box as it’s too CTF-like. (guessing part drove me mad)
Still I upvoted it, because I learnt a lot about port 53 ! Thanks to the creator.

Type your comment> @Nofix said:

Quite stuck on the box, I got the source code of (I guess?) the whole 3 websites, but can’t find any RCE. Feel like I miss something, doing my whole enumeration again but nothing is showing up at the moment.

EDIT : rooted.

Thanks a lot to @clmtn for helping me on user part, I was missing the “guessing” part to get RCE.

Took me 5mn to go from www-data to root. I confirm it is possible to do so without user.

Did not like quite much the box as it’s too CTF-like. (guessing part drove me mad)
Still I upvoted it, because I learnt a lot about port 53 ! Thanks to the creator.

Nice one. Just to clarify, you can fuzz the path you need to hit for RCE. :slight_smile: