Friendzone - HackTheBox

root@FriendZone:~# id
uid=0(root) gid=0(root) groups=0(root)

PM if you need help, happy to do so!

My head was spinning with this box, and at some point i felt really friendzoned. Some comments to avoid getting stuck in the tornado. This box behaves in different way depending on ‘how’ you request the information, in that way you will access to that THING and with some ha ha’s you can get a foot hold in there. Privesc is tricky, but it’s a common vector its not 1 command, maybe 2 lines of code but definitely 2 minutes to get. I just have a doubt am i out of the FriendZone or i just struggle to get in…

Got user and root both ways, file and root shell. This felt more like a maze with a lot of turns with no exit, until u make the right turn and boom You are ROOOOTT!!! Thanks to KryptSec for the help on Discord. PM me if you need help with this!

Rooted.
I need a shrink after that foothold part.
PM for help.

On HaHa page , enumerated brazilian dance, found some subdomains but lost. Any help would be good.

Rooted.

After talking to many kind senior players, I finally knew the right way to determine the name of the z*** to tr******. Port 443 is important not only in exploitation, but also in recon. What I missed is to check something on it.

Have to admit this machine is interesting and helpful.

Thanks to all.

Got user special thanks to @Drragonn , helped me a lot . On way to root :smiley:

Hello New Player here!
I´m stuck on hahaa page dont know how to connect my uploads…
I think I have got the corrects path from s** enum and im guessing that pa***ame param is key but no clue.
Any hint that could help me??
Thanks!

I’m seriously stuck at the Ha Ha page, no clue what to do with p*****me param, need a nudge urgently, thanks.

Edit: got it, consider code often appending stuff. Nice box, a little too CTF for my taste. Thanks cyberus and Master123.

Rooted :smiley:
If anyone need help feel free to PM.

Could someone PM me a nudge? I’m stuck on the Haha page. I think I have an idea but help would be appreciated!

Type your comment> @JusticeSS said:

Could someone PM me a nudge? I’m stuck on the Haha page. I think I have an idea but help would be appreciated!

pm me i’ll help you…

Got user. Thanks to @ghost0437 :slight_smile:
Now on to root.

Thanks to @ghost0437 for the hint on the user part.
Had no fun at all with all those rabbit holes…
Root was simple, but cool, learned a new tool for watching cronjobs, so overall nice box :slight_smile:
If someone needs little help, feel free to pm

I reached point where I am told admin page is not ready. I am blank where to go next. tried fuzzing on all sd s… Could some one pm me and guide …

Can anyone drop some hints via PM, please? :smiley:

Type your comment> @dybtrono0 said:

I reached point where I am told admin page is not ready. I am blank where to go next. tried fuzzing on all sd s… Could some one pm me and guide …

Finally Rooted

I’ve dug up some info during my enum but I’m having trouble connecting to any of it. I suspect I’m doing something wrong with the r*****.c***. Can anyone point me in the right direction?

Anyone any tips for the right path (LFI)?

I’m going to be brutally honest here. I read all the forum plus some extra studies as well. Started to work on this box 2 weeks ago, daily 1 hours and I got nowhere. I know that a lot of you fine gentleman are up to help anyone. I am new to HTB, did a few metaspoilable, etc and if you guys tell me, that this is an easy box, than I will have no choice but to change career.
Enumerated, got the c###.txt with admin: W… I can’t find any haha[whatever] page, did like 15 types of dns enum. HOW?!
Please drop me a lifeline here, I am desperate, I nearly broke my laptop in half…