Official Luanne Discussion

Nice to see a little variety in the OS types on htb.
hints:
Foothold: parameter needs some closure to move on
User: do some local authorized browsing
Root: more common tools you might be used to won’t work - find the safer and simpler os specific tools and you’re done

Easy box? ??

stuck on root

Anyone able to assist? I think i have found the parameter i need to change but not sure to what.

Type your comment> @wooly13 said:

Anyone able to assist? I think i have found the parameter i need to change but not sure to what.

PM me.

Didn’t like this machine… User was a little tricky and not an easy one but root was easy just stay home you will find something, simply ! Pm for nudge

Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.

There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.

Type your comment> @Hyp3rDrive said:

Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.

There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.

Others may disagree, but here’s my opinion. :wink:

The specific part you are taking about is somewhat artificial. Although in principle the way you “discover”, “guess” or “modify” that type of data is a common style of attack, in this specific case you’ll only see it work that way in a (partly) ctf style box such as this one.

That being said, the learning experience of figuring it out is a valuable one if your goal is to learn and practice the tools and techniques of web pentesting.

Rooted. Not an easy one.

Struggling with parameter

I can get a shell, but I get disconnected after a few seconds. I tried a few things to work arount that but have been unsuccessfull so far. If someone has a few tricks to share that’d be cool :slight_smile:

Edit : I was trying to get a shell on port 9001 and kept being disconnected. I changed it to port 1234 and now it works like a charm.

Man. This thing has been rough. I finally managed to get to user, but now I’m struggling to find a way to root. Any tips on how to better enumerate this type of box?

If anyone could drop me a message I am stuck on the foothold, done a lot of enum and tried changing things to get access to things. Will give more info over PM. Would be very much appreciated, thanks!

Rooted! Congrats @polarbearer I learned a new few things!

umm I’m agree with the other discussion, (for me) It’s a bit hard to be an easy box.

Hello guys, i was found r*t.t, but dont know what to do then. Can someone help me?

Finally rooted. In retrospect, is this box easy ? Yes, it is. There’s no crazy concept, no binary exploitation madness or 32 lines commands with a million options that you need to put in order so your computer doesn’t crash, but… It’s really different from what’s usual on HTB.
Anyway, thanks @polarbearer !
Oh and big thanks to @cool4coder who assisted me along the way :slight_smile:

That box made me say ‘oof’ at the end of it. Keep after it and read the blog posts.
DM for nudges.

I learned a lot on this one. Thanks @polarbearer! A hint for root: pay attention to file types . As always PM me for hints or discussion. Helping others learn helps me learn :smiley: .

Stuck at the ‘attempt to call a nil value’. A nudge would be greatly appreciated.

Nice box ! NetBsd was something new to me so, I had to learn a bunch of new stuff. Which is exactly what I’m looking for. PM if you need a nudge !