some tips and hints for hackthebox’s friendzone machine. walkthrough-style.
- doing a standard nmap scan, you can see a couple of interesting services, except standard.
- enumerate shared stuff. examine every file, you’ll find some useful things there. at this point also check, what’s writable and what’s not. you’ll need this info for next steps.
try harderdig deeper 🙂 although some dns enumeration tools fail, standard dig AXFR request works well.
- combine data, harvested on step 2, and dig results.
- obvious hint from dashboard shows us a way of RCE through LFI. you should use writable thing from step 2.
- look for some database credentials. they can be useful for accessing other services.
- for root flag, check all writable files on the system. there’s a strange one, which should not be writable and it’s name is quite self-explanatory 🙂
good luck and try harder.