Friendzone - HackTheBox



  • any hint for haha page i am stuck in LFI
    i know where stored this shell in /e**/F****
    but i dont understand what you do

  • I have to admit, i'm completely lost at this moment. I think i have found subdomains, paths in Brazilian but i have no idea what's next. Could someone help me with this?

  • edited May 2019

    Get the Cred Done
    W/R Done
    ZT an Sub Done
    Stuck in Jackson and not developed / LFI :(

    Edit : Got User

  • not sure what I am looking at or for on my initial scan of this box. I have tried various things looking for a way in, but nothing. I have read through these comments and found some things but no way into the box. I am terrible at deciphering the cryptic hints. Any help?

  • edited May 2019

    any Hint about ti******p in HAHA Page
    (LFI or >> RCE )

    Edit : Got User

  • edited May 2019

    I'm struggling with Priv Esc part. I know what to do but it's not working. Need some nudge.

    edit: nvm. got root

    Hack The Box

  • I am stuck to get root, any help?

  • can someone help me with what to do after dns enum?

  • Can someone give a hint to the LFI? im at Haha and have been trying to use the includes to call on the shared file for RCE, but im getting incredibly stuck and my research is leading me down rabbit holes

  • Finally got user! I was stuck for half a day because of a typo, and half a day because I assumed things...

    @kzelman You're almost there. You might want to take a step back and consider how you got there. Enumerate thoroughly and you'll find your destination.

    @Th3R4nd0m More enumeration... Until you think it's enough and then some.

  • edited May 2019

    Could someone PM me a hint how to use the LFI? I guess I upload a php file and then call it from the dashboard page... And am using the full path. Not working for me...

    ...getting "Something went worng"... message...

    basically stuck at "haha" like so many other people, lol

    If my comment somehow helped you, you can show your appreciation with a Respect :)

  • I got user and root, thanks @DaChef and @BigBoss
  • I've been stuck at haha for days....not so haha. tried various LFI tricks, i can see the path from my enumeration...i don't know what the hell i'm doing wrong. any hints? thanks


  • This was one the most difficult machine I've faced until now. Not because it's really hard, but because it's so full of rabbit holes that makes you crazy!!!

    Anyway, I've got user.txt (after a couple of days) and root.txt, that need a couple of minutes if you know what is going on, but a while if you want to learn something new :)

    Thanks to everyone that helped me, expecially to @p0wn3y for the first part and @m4xp0wer and @absf1 for the root part.

    A couple of hints:

    • initial foothold: enumerate every port you've, every information you get can be useful for the next steps, and I mean every!

    • user: when you get the right page (that gives you "information" about what you should do) try to understand well what is going on

    • root: enumerate well, something will come up (follow the g0tmilk guide). As other have said, then follow the snake. Try to understand well how it works and you'll be fine

    PM if you need more help!

    Hack The Box

    Message me with 1) Problem description 2) What did you try so far? 3) Your ideas about next steps

    If you appreciate my help, please give me +1 respect

  • @KaiserPhoenix said:

    • user: when you get the right page (that gives you "information" about what you should do) try to understand well what is going on

    Absolutely, I've spent an hour reading up on what I'm doing and what to do with that, which made understanding and using the vulnerability in that environment super easy. Once I understood what's going on, it was a walk in the park. (total beginner here btw...)

  • envenv
    edited May 2019
    Rooted! Thank you very much for @askar for this box! If anyone need some help feel free to PM :smiley:

    Hack The Box

  • edited May 2019

    Totally stuck. Did Z*** T******** on famous ports but can't get anything out of it. Can someone pm me? Thanks :)
    Edit: Confronting to LFI now :)


  • Could use help with this. There has to be a way to do PrivEsc without having to modify a python library right? Seems like a good way to break the box and force a reset

  • edited May 2019

    I am about to lose it over dns enum. could somebody please PM me and tell me how to properly edit hosts?

    Edit 1: got it, time to confront LFI

    Edit 2: Rooted

    Tips -

    Initial foothold: enum 53 like hell. Ippsec bank really is the way to go. dont forget different web protocols...

    User: to get to RCE you need to enum 443. once you get to the fabled HaHa you need to really understand what the script does. the vulnerable param might surprise you. find your uploads through nmap scripts.

    Privesc: to escape w******a you need to look nearby. For root, check what unusual files you have access to and go with your gut. As has been said several times, pspy is awesome.

    thanks to @askar for the awesome box, and @KaiserPhoenix for the help with DNS

  • Stuck on LFI like many others, I know the file location, I've uploaded files. Can't get the ti******* parameter to hit it though.

    Any hints would be appreciated.

  • Hints/Tips for this box:
    Enumeration obviously, admin thing (pay attention to listing details), ZTs!, lfi (lots of noise, keep it simple)


  • I'm new to htb, can someone pm some hints. I've enumerated as much as I know how to and gotten back most of what people have mentioned. I think I'm missing haha and c***.txt but not to sure where to go from here

  • I'm completely stuck on privilege escalation for a day. I thought I knew where to go but I'm just stumped. If anyone could offer a nudge it would be greatly respected.


  • Thanks @AnonyBit for helping me with root.

    For those stuck on LFI: Do more research what LFI is and what it can do. Start from zero and verify one assumption at a time. In other words: Try harder :lol:

  • I am back again. I was bussy in the OSCP lab for exam prep. I am working on root but my exploit is not working. I ask my colleque for help but he has the same problem. I can go in details because of spoiler. Can someone send me an PM to discus this?

  • edited May 2019

    This box was simply fantastic. It really helped me refresh some lingering enumeration skills and made me think. I missed the answer about 5 different times and without a much needed nudge from @marvin7408 I'd still be stuck.

    Very CTF but still and excellent box.


  • Found the admin page and credentials. Used a different computer that I no longer have access to, and by using burp and changing host, I got a 200 code.
    Yet now, on my own laptop, I keep getting 400 codes.
    Anyone know the login step that they can help me with? Or if there's another way to work on the admin login page?

  • Stuck with LFI for days already, tried probably everything. I guess I know the location where to look for, but nothing seems to work. Would really appreciate if somebody could message me and put me on right direction.

  • Like others I got stuck with the LFI and thanks to @zweeden got unstuck. My issue was not thinking enough about extensions - not being a p*p coder. As always, learned a lot.

  • Help wanted for LFI and RCE, PM me to know what I've done yet. Thanks for your help.

Sign In to comment.