We covered HackTheBox FriendZone as part of CREST CRT track. We went over DNS zone transfer, SMB enumeration and performed privilege escalation using python OS library.
FriendZone is an easy difficulty Linux box which needs fair amount enumeration. By doing a zone transfer vhosts are discovered. There are open shares on samba which provides credentials for an admin panel. From there, an LFI is found which is leveraged to get RCE. A cron is found running which uses a writable module, making it vulnerable to hijacking.
Video Walkthrough
Show Comments