Friendzone - HackTheBox

Could anyone point me to the right path? I only found the 4 subdomains and found a page that said it is not developed yet. Thanks.

I’m stuck on the HAHA page… I have already tried many requests to the page d*******d.*hp. Can anyone help me, please?! I have been trying to get user on this machine since yesterday -.-

@jutice said:

Could anyone point me to the right path? I only found the 4 subdomains and found a page that said it is not developed yet. Thanks.

Try using a different tool to enumerate the subdomains. And be sure you have all the correct domains.

Stuck on privilege escalation for a couple of days. Someone PM me with a hint, please :heart:
I did find a nohtyp | rev script but am stumped on the details…

Solid box, but slightly too CTFish for my taste. Msg me if you need a nudge

Can I get a hint for the HAHA? Losing it over here…

Loved the privesc :slight_smile:

Able to upload a file via sm* and web, like others, but not sure where it goes. Tried manipulating the timestamp param and the image_id param, no luck. Any kind soul PM me a nudge?

Edit: Got user, thanks bogglez for the nudge.

Trying to upload this RCE shell. Tried using the PUT command for the Brazilian dance on the only RW share. But the URL, along with the parameter, doesn’t start RCE via netcat, so this must be incorrect. A hint to find the correct vector, i.e. where to upload the RCE shell, would be appreciated.
This box is like a maze. So many rabbit holes and dead ends.

Edit: Got User

Can someone please PM me a hint on how to find the upload location for the LFI? I have figured out the LFI, so I can view the code in the up***d.h file. I just can’t figure out how to include what was uploaded via the Brazilian dance. Pulling my hair out!

Edit: Was almost there; someone else alluded to it earlier, there is an nse script that can give you the path. You can PM me for hints.

If someone could give me a nudge it would be appreciated… Grabbed user fairly easily; enumerated and found the privesc method, but I don’t know how to make it give me root.

Thanks

Great box, finally rooted:

User: Remember that it is a site in development and it is CTF-like, so do not trust everything you see. Someone here posted a link to a video that is a great reference for this step; combine it with basic web enumeration, basic web exploitation and a Brazilian dance and you are going to get a shell.

Root: Basic Linux enumeration, search for everything (BUT DO NOT OVERTHINK). g0tmi1k is your best friend here (pspy isn’t required); if you can’t see the vulnerable stuff, keep looking in g0tmi1k’s to-do list.

I’m trying the regular DNS enumerations, but I end up enumerating a real f******e.rd website…
Could someone drop me a message with a hint for the LFI? I’ve got to an admin page which I believe gives a clue, but I am unable to figure it out.

Thanks!

Rooted this one yesterday.

It is far more CTF-y than I like, but I have learned something almost every step of the way.

Establishing a foothold was definitely tricky and some amount of guessing was needed. I’m curious to find out whether some of the guessing was actually not necessary, and there was a better way of acquiring the information.

Thanks to @cbx for the suggestion to watch the Bank video; I was quite stuck at that point.

Can someone PM me the path for the HAHA or a hint? Thanks

Any hint for root? I’ve been trying for hours; please PM me with some help :c

Managed to get user and root :slight_smile:

I really enjoyed this box, I learned a lot!

Special shout out to @gokuKaioKen @N30C0UNT @ghost0437 for your help and guidance, much appreciated.

If anyone is stuck please drop me a PM!

Can someone please help me? I’m stuck at the admin page that isn’t developed yet :frowning: