HTB - Freelancer
by trevor69000 - Saturday June 1, 2024 at 06:49 PM
#11
any hint to root?
#12
Oh wait I got it....
#13
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

#14
(Jun 01, 2024, 10:49 PM)osamy7593 Wrote:
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

That is simple, you need to find the ID of an employee with admin privileges for example '2' and convert it to base64. After that, obtain the QR code and get the content similar to this: http://freelancer.htb/accounts/login/otp/Njk2OQo=/670765xxx/. Then, only change the value 'Njk2OQo' to the base64 ID(2), and you will get this: http://freelancer.htb/accounts/login/otp/Mgo=/670765xxx/. You will be an admin.
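Added example (not part of the original thread and not the application's own code): the swap described in post #14 only works if the server accepts a live OTP token without checking which user it was issued to. The sketch below contrasts that assumed pattern (`weak_verify`) with a link whose token is an HMAC over the user ID and expiry (`strict_verify`). The `expires.mac` token format, the key, the TTL and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value; load a real secret in practice
TTL = 300                         # assumed link lifetime in seconds

def encode_uid(uid: int) -> str:
    return base64.urlsafe_b64encode(str(uid).encode()).decode()

def decode_uid(segment: str) -> int:
    return int(base64.urlsafe_b64decode(segment).decode().strip())

def _mac(uid: int, expires: int) -> str:
    msg = f"{uid}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_link(uid: int, now: int) -> str:
    """Build /accounts/login/otp/<b64 uid>/<expires>.<mac>/ with the MAC covering the uid."""
    expires = now + TTL
    return f"/accounts/login/otp/{encode_uid(uid)}/{expires}.{_mac(uid, expires)}/"

def weak_verify(uid_segment: str, token: str, live_tokens: set):
    """Assumed flawed pattern: token checked on its own, uid trusted from the path."""
    return decode_uid(uid_segment) if token in live_tokens else None

def strict_verify(path: str, now: int, used: set):
    """Return the uid only if the token was minted for it, is unexpired and unused."""
    parts = path.strip("/").split("/")
    if len(parts) != 5 or parts[:3] != ["accounts", "login", "otp"]:
        return None
    try:
        uid = decode_uid(parts[3])
        expires_s, mac = parts[4].split(".")
        expires = int(expires_s)
    except ValueError:  # bad base64, non-numeric id, malformed token
        return None
    if not hmac.compare_digest(mac.encode(), _mac(uid, expires).encode()):
        return None     # token was not issued for the uid in the path
    if now > expires or parts[4] in used:
        return None     # expired or replayed
    used.add(parts[4])
    return uid
```

With the token bound to the ID, the user segment in the path stops being an authorization decision: any edit to it fails the MAC check before expiry or reuse is even considered.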
#15
I keep getting OTP expired
#16
I got admin account but idk how to get user anyone can help

#17
(Jun 01, 2024, 11:05 PM)DataNinja Wrote:
(Jun 01, 2024, 10:49 PM)osamy7593 Wrote:
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

That is simple, you need to find the ID of an employee with admin privileges for example '2' and convert it to base64. After that, obtain the QR code and get the content similar to this: http://freelancer.htb/accounts/login/otp/Njk2OQo=/670765xxx/. Then, only change the value 'Njk2OQo' to the base64 ID(2), and you will get this: http://freelancer.htb/accounts/login/otp/Mgo=/670765xxx/. You will be an admin.

How do you find the id I keep getting otp errors when entered?
#18
(Jun 01, 2024, 11:27 PM)maggi Wrote:
(Jun 01, 2024, 11:05 PM)DataNinja Wrote:
(Jun 01, 2024, 10:49 PM)osamy7593 Wrote:
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

That is simple, you need to find the ID of an employee with admin privileges for example '2' and convert it to base64. After that, obtain the QR code and get the content similar to this: http://freelancer.htb/accounts/login/otp/Njk2OQo=/670765xxx/. Then, only change the value 'Njk2OQo' to the base64 ID(2), and you will get this: http://freelancer.htb/accounts/login/otp/Mgo=/670765xxx/. You will be an admin.

How do you find the id I keep getting otp errors when entered?

Just visit Jobs dashboard, click on that and click on the profile pic, you can see in the URL the user id.

#19
i'm the admin now what after ? where is sql terminal to get a rev shell?

#20
(Jun 01, 2024, 11:31 PM)osamy7593 Wrote: i'm the admin now what after ? where is sql terminal to get a rev shell?

http://freelancer.htb/admin/