HTB - Freelancer
by trevor69000 - Saturday June 1, 2024 at 06:49 PM
#11
any hint to root?
Reply
#12
Oh wait I got it....
Reply
#13
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

Reply
#14
(Jun 01, 2024, 10:49 PM)osamy7593 Wrote:
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

That is simple, you need to find the ID of an employee with admin privileges for example '2' and convert it to base64. After that, obtain the QR code and get the content similar to this: http://freelancer.htb/accounts/login/otp/Njk2OQo=/670765xxx/. Then, only change the value 'Njk2OQo' to the base64 ID(2), and you will get this: http://freelancer.htb/accounts/login/otp/Mgo=/670765xxx/. You will be an admin.
Reply
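Added example, not part of any post in this thread and not the application's code: post #14 works because the login link carries the user ID as plain base64 while the OTP token is checked without reference to that ID. The sketch below contrasts that pattern with a token that is a MAC over the ID and an expiry; the key, lifetime, `exp.tag` token layout and all function names are assumptions.

```python
import base64, hashlib, hmac

SECRET = b"constructed-demo-key"  # constructed; load from a secret store in practice
TTL = 300                         # assumed link lifetime, seconds

def encode_id(user_id):
    # Encoding seen in the thread: decimal ID plus newline, base64 ("2\n" -> "Mgo=")
    return base64.b64encode(f"{user_id}\n".encode()).decode()

def decode_id(segment):
    return int(base64.b64decode(segment).decode().strip())

def split_path(path):
    # Path layout from the thread: /accounts/login/otp/<b64 id>/<token>/
    parts = path.strip("/").split("/")
    return parts[3], parts[4]

def verify_weak(path, live_tokens):
    """Flawed pattern: token validated alone, user ID trusted from the URL."""
    segment, token = split_path(path)
    return decode_id(segment) if token in live_tokens else None

def issue_bound(user_id, now):
    """Hardened issuer: the token is a MAC over the user ID and the expiry."""
    exp = now + TTL
    tag = hmac.new(SECRET, f"{user_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    return f"/accounts/login/otp/{encode_id(user_id)}/{exp}.{tag}/"

def verify_bound(path, now):
    """Return the user ID only if the MAC matches this ID and is unexpired."""
    try:
        segment, token = split_path(path)
        user_id = decode_id(segment)
        exp_s, tag = token.split(".", 1)
        exp = int(exp_s)
    except (ValueError, IndexError):
        return None  # malformed path, bad base64 or non-numeric fields
    good = hmac.new(SECRET, f"{user_id}:{exp}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), good.encode()) or now > exp:
        return None
    return user_id
```

A MAC-bound link can still be replayed until it expires; making it single-use needs server-side state, which this sketch leaves out.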
#15
I keep getting OTP expired
Reply
#16
I got admin account but idk how to get user anyone can help

Reply
#17
(Jun 01, 2024, 11:05 PM)DataNinja Wrote:
(Jun 01, 2024, 10:49 PM)osamy7593 Wrote:
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

That is simple, you need to find the ID of an employee with admin privileges for example '2' and convert it to base64. After that, obtain the QR code and get the content similar to this: http://freelancer.htb/accounts/login/otp/Njk2OQo=/670765xxx/. Then, only change the value 'Njk2OQo' to the base64 ID(2), and you will get this: http://freelancer.htb/accounts/login/otp/Mgo=/670765xxx/. You will be an admin.

How do you find the id I keep getting otp errors when entered?
Reply
#18
(Jun 01, 2024, 11:27 PM)maggi Wrote:
(Jun 01, 2024, 11:05 PM)DataNinja Wrote:
(Jun 01, 2024, 10:49 PM)osamy7593 Wrote:
(Jun 01, 2024, 10:45 PM)DataNinja Wrote: any hint to root?

bro how did u use idor in qr code

That is simple, you need to find the ID of an employee with admin privileges for example '2' and convert it to base64. After that, obtain the QR code and get the content similar to this: http://freelancer.htb/accounts/login/otp/Njk2OQo=/670765xxx/. Then, only change the value 'Njk2OQo' to the base64 ID(2), and you will get this: http://freelancer.htb/accounts/login/otp/Mgo=/670765xxx/. You will be an admin.

How do you find the id I keep getting otp errors when entered?

Just visit Jobs dashboard, click on that and click on the profile pic, you can see in the URL the user id.

Reply
#19
I'm the admin now, what after? Where is sql terminal to get a rev shell?

Reply
#20
(Jun 01, 2024, 11:31 PM)osamy7593 Wrote: I'm the admin now, what after? Where is sql terminal to get a rev shell?

http://freelancer.htb/admin/
Reply

