Official Luanne Discussion

Type your comment> @Eren said:

Somebody can give a hint? I am stuck at json cities part.

I believe they’ve misspelled one of the cities, did you check that direction ?

edit: the “misspelled” i wrote is not imply on an actual misspelling.

Type your comment> @exord26 said:

one more time its not a easy machine !

I totally agree, it looks really like CTF based, do not like such stuff.
Rooted already, but not so fun as it was with another BOXes.

got shell for _* user,
currently moving to get r.* user

Wouldn’t have done it without a nudge…

Cool box, but the ratings lately are completely meaningless. Any newjoiner with basic knowledge would be put off by the last two easy boxes which weren’t easy at all; and last week’s HARD only has 20 roots after more than a week which prob put it in the same basket as most INSANE machines.

I dont think im doing the correct command for root. Im using net*** to de***** the file in ba***** but its giving me random characters that are not on a keyboard. Can someone PM me a nudge?

Just rooted the machine.

# whoami && hostname
root
luanne.htb

I enjoyed the box! A nice break from the Insane and Hard box I recently completed. I would say this is a little harder than easy, but not too difficult. I haven’t read through the discussion yet to see what hints have already been given so I’ll refrain until I have.

In the meantime, feel free to DM me if you need a nudge. :smile:

any nudge to root?

Type your comment> @DancinHype said:

I dont think im doing the correct command for root. Im using net*** to de***** the file in ba***** but its giving me random characters that are not on a keyboard. Can someone PM me a nudge?

@DancinHype said:
I dont think im doing the correct command for root. Im using net*** to de***** the file in ba***** but its giving me random characters that are not on a keyboard. Can someone PM me
you should try something else somewhere

Type your comment> @hb86125295 said:

Type your comment> @DancinHype said:

I dont think im doing the correct command for root. Im using net*** to de***** the file in ba***** but its giving me random characters that are not on a keyboard. Can someone PM me a nudge?

@DancinHype said:
I dont think im doing the correct command for root. Im using net*** to de***** the file in ba***** but its giving me random characters that are not on a keyboard. Can someone PM me
you should try something else somewhere

Yeah I figured it out and rooted im just a little slow on figuring out where I can C***** files :slight_smile:

Was confused in the begining, thanks @Goggstar and @atomman for the help!

whoami && id

root
uid=0(root)

I think I am a good hacker for a 15-year-old :slight_smile: I like ‘hack the box’.

Root obtained - thanks to @DancinHype for the pointer on priv esc.

Overall, not an easy box to be honest. Requires some oddly specific steps which didn’t feel very discoverable compared to other easy boxes. Definitely a Medium at least.

Type your comment> @tyrantwave said:

Root obtained - thanks to @DancinHype for the pointer on priv esc.

Overall, not an easy box to be honest. Requires some oddly specific steps which didn’t feel very discoverable compared to other easy boxes. Definitely a Medium at least.

Dont worry others recently have been saying that the difficulty seemed off. And my post right above this lol.

Got a shell, but am now drawing a blank, since none of the scripts returned anything useful. Got a few passwords, but they don’t work for the desired user.
Should I hunt for more creds (though I can’t imagine where to find more), or am I on the wrong track?
Never had to deal with such systems (AFAIK), so no idea where to continue hunting.

Type your comment> @HomeSen said:

Got a shell, but am now drawing a blank, since none of the scripts returned anything useful. Got a few passwords, but they don’t work for the desired user.
Should I hunt for more creds (though I can’t imagine where to find more), or am I on the wrong track?
Never had to deal with such systems (AFAIK), so no idea where to continue hunting.

yup, same exact situation, BUT, as our fellow @TazWake always says - try and used the loot in other services.

I’m currently trying to understand the usage of libex** with that 3*** port.

The weather isn’t getting me anywhere. r.**** seems promising but no credentials found yet. Got into the “other” website and found some info. But I am stuck at the moment. Am I going in the right direction? First time trying an active box and it is challenging.

Funny thing about the weather - we always like to complain about it, especially when what we expect is wrong.

Servers, like us Brits, are alike in this.

Got root! It was very interesting experience, especially with privilege escalation, it seems pretty straightforward now, but you have to use some os specific commands

A bit CTFy. My 2cents:
Foothold: play around with that parameter
User: enum and pay attention to how the app is run, but it still won’t make much sense at the end
Root: a bit of further enum and a couple of OS-specific tools and you’re done

Also, I see there is yet another discussion about the difficulty. It’s always going to be subjective. I stopped paying attention to that a while ago.

rooted, nice box.
was stuck for a few hours because of ‘~’.
thanks @polarbearer
and thanks @trab3nd0 for his help also.