DNS Zone Transfer and Python Privilege Escalation

We covered HackTheBox FriendZone as part of CREST CRT track. We went over DNS zone transfer, SMB enumeration and performed privilege escalation using python OS library.

FriendZone is an easy difficulty Linux box which needs fair amount enumeration. By doing a zone transfer vhosts are discovered. There are open shares on samba which provides credentials for an admin panel. From there, an LFI is found which is leveraged to get RCE. A cron is found running which uses a writable module, making it vulnerable to hijacking.

Get OSCP Notes

Video Walkthrough

CREST CRT track, CTF Writeups, HackTheBox, HackTheBox FriendZone, Linux privilege escalation

Show Comments

MasterMind Study Notes

About the Author

Mastermind Study Notes is a group of talented authors and writers who are experienced and well-versed across different fields. The group is led by, Motasem Hamdan, who is a Cybersecurity content creator and YouTuber.

View Articles

DNS Zone Transfer and Python Privilege Escalation | HackTheBox FriendZone

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Press ESC to close

DNS Zone Transfer and Python Privilege Escalation | HackTheBox FriendZone

Leave a Reply Cancel reply

MasterMind Study Notes

About the Author

Share Article:

You might also like

Vulnerability Scanning in Cyber Security | FREE Short Course

TryHackMe Hashing and Cryptography 101 | TryHackMe Hashing – Crypto 101

TryHackMe Log Universe