Official Luanne Discussion

Type your comment> @trcm said:

I hate having to load up BURP every time I want to encode a string…
I found curl -G --data-urlencode "param=value" url helpful!

@bw00lley thanks, I also discovered a similar (but longer!) curl method :

$ curl -Gso /dev/null -w %{url_effective} --data-urlencode @- “” | sed -E ‘s/…(.*)…/\1/’

But the shortest I found was simply :
$ jq -sRr @uri

Fairly enjoyable box - I can see why it was rated easy but there were some gotchas for people.

Pretty much all the good tips are already in the thread. All I can suggest is understand the OS a bit as that really helps. Two steps are very specific to that environment.

Pff. Somebody copied root flag to /home/root.txt with 777 perms :lol:
Can’t rm it, still doing user - restarted the machine.
Please be mindful guys.

Rooted

uid=0(root) gid=0(wheel) groups=0(wheel),2(kmem),3(sys),4(tty),5(operator),20(staff),31(guest),34(nvmm)

Restarted again to clean it up.
DM if you need a nudge.

Rooted. This was a fun box and thanks @polarbearer
If anyone needs a hint, DM :slight_smile:

Jeez, I needed handholding through getting user. Foothold and root were OK but I could not work out how you would know how to get user. I guess you just need to try that every time!

Type your comment> @bw00lley said:

Jeez, I needed handholding through getting user. Foothold and root were OK but I could not work out how you would know how to get user. I guess you just need to try that every time!

haha can you hold my hand to pay it forward? lol to me the next logical step is to exploit a similar looking service but running with user perms…but it doesnt seem vulnerable (i feel like i have new creds but am unable to find where and how to use them!)

Type your comment> @unkn0wnsyst3m said:

haha can you hold my hand to pay it forward?
Have sent you a PM.

so I’m stuck as the _h**** user and can’t get user. Any hints please DM. I can explain what I’ve discovered so far.

@s3gf4ult said:

so I’m stuck as the _h**** user and can’t get user. Any hints please DM. I can explain what I’ve discovered so far.

This is possibly one of the more challenging steps.

The place you’ve landed has what you need to access a resource you couldn’t previously access.

Now you are inside the wire, you can access it differently and through some command line requests, you can get it to give you what you need to get a real shell.

Why are you all write these useless “Rooted”, “Finally rooted”, etc.? Do you really think anyone cares about it? Please, stop kissing yourself and start be more informative. Give some hints regarding machines. That would be really helpful, instead of your narcissism.

alright so silly me looking through the man pages
https://man.netbsd.org/NetBSD-9.0/****
Thanks @r0m4r10 @bw00lley for the support here, definitely was on the right track but routinely missed the critical nugget to show me the answer in my online research

foothold: already discussed is depth, burp can also help here (there is a plugin that will help)
user: man oh man, what a journey huh?? oddly enough, the “dev” version has your foothold patched, but there is another way in…understand what the service is running, how, and why (this was the challenge for me, i misread the manual, no not that manual, the other manual!..)

root: this phase is very specific to the OS, enum will find the artifacts you need, but youre not done yet…what you have and what you think it can be used for is correct, but you cant get there through the normal way, you need to find a different command. - for me the man pages screwed me over, but while searching you will find the hints you need in your research results.

@b1narygl1tch said:

Why are you all write these useless “Rooted”, “Finally rooted”, etc.? Do you really think anyone cares about it? Please, stop kissing yourself and start be more informative. Give some hints regarding machines. That would be really helpful, instead of your narcissism.

So, generally, they are people, at the very least identifying that they can help others if needed - but most of the time all the hints are already in the thread. For lots of people it is also a nice way to share their excitement and feeling of success.

Complaining about other people’s posts is rarely useful and insulting everyone else feels like an odd way to encourage more helpful posts.

The narcissistic posts are the ones which say “this box was so easy” or “I did it in three seconds” or “rooted this shitty box”/“rooted this useless box.” That is people trying to show how superior they are to the box, people who say “It took me months but I finally rooted this box” are most certainly not boasting.

Type your comment> @TazWake said:

@b1narygl1tch said:

Why are you all write these useless “Rooted”, “Finally rooted”, etc.? Do you really think anyone cares about it? Please, stop kissing yourself and start be more informative. Give some hints regarding machines. That would be really helpful, instead of your narcissism.

So, generally, they are people, at the very least identifying that they can help others if needed - but most of the time all the hints are already in the thread. For lots of people it is also a nice way to share their excitement and feeling of success.

Complaining about other people’s posts is rarely useful and insulting everyone else feels like an odd way to encourage more helpful posts.

The narcissistic posts are the ones which say “this box was so easy” or “I did it in three seconds” or “rooted this shitty box”/“rooted this useless box.” That is people trying to show how superior they are to the box, people who say “It took me months but I finally rooted this box” are most certainly not boasting.

Not boasting, just flooding with useless messages. And yes, there are really useless boxes/tasks that don’t require anything except bruteforcing, for example. I’ll just describe what is a good post from my point of perspective: “Rooted! Feel free to contact me. Here are some hints: user… root…” That’s the useful post.

@b1narygl1tch said:

Not boasting, just flooding with useless messages. And yes, there are really useless boxes/tasks that don’t require anything except bruteforcing, for example. I’ll just describe what is a good post from my point of perspective: “Rooted! Feel free to contact me. Here are some hints: user… root…” That’s the useful post.

Awesome - I look forward to seeing you lead by example on that. Until then, you can continue to make the posts you think should go into a thread and so can other people.

Type your comment> @TazWake said:

@b1narygl1tch said:

Not boasting, just flooding with useless messages. And yes, there are really useless boxes/tasks that don’t require anything except bruteforcing, for example. I’ll just describe what is a good post from my point of perspective: “Rooted! Feel free to contact me. Here are some hints: user… root…” That’s the useful post.

Awesome - I look forward to seeing you lead by example on that. Until then, you can continue to make the posts you think should go into a thread and so can other people.

You can check my previous posts at least. I always tried to be informative.

@TazWake @b1narygl1tch i find that even the “useless messages” are still somewhat helpful. When i am strugging, I certainly take some solice in seeing that the people that solved these challenges quickly were very experienced so it makes sense why i am having a hard time. I’ve learned that experience really does take you a long way in this field, and htb works to help educate and fill the gap, so all comments are helpful to me (even if just a little). But to @TazWake’s point, i certainly have reach out to some of those people that just said “rooted” and they’ve been very helpful with minor nudges or just confirmed that i was on the right path.

Hi,
This is my first box. I am starting to thing that maybe I make the wrong choice. I found things, of course. Some places to visit and I found out how to say moon in portuguese . I wonder if this is the way to find my initial foodhold via l** lang****. I’ve ran out of ideas but before continuing I want to know if it is a hole rabbit or not. Thanks for your help.

@j4M35B4r0N said:

Hi,
This is my first box. I am starting to thing that maybe I make the wrong choice. I found things, of course. Some places to visit and I found out how to say moon in portuguese . I wonder if this is the way to find my initial foodhold via l** lang****. I’ve ran out of ideas but before continuing I want to know if it is a hole rabbit or not. Thanks for your help.

I got initial foothold via that technology.