Official Luanne Discussion

rooted! definitely not an easy box I thought (lots of steps for an “easy” rated box)
PM me if you need help :slight_smile:

any hints for root ?

@unknown101 said:

any hints for root ?

Once you know how, it is super simple. You just need to see how the OS does it differently.

Type your comment> @TazWake said:
> @unknown101 said:
> > any hints for root ?
> 
> Once you know how, it is super simple. You just need to see how the OS does it differently.

Respect bro!
it’s tottaly simple actually

rooted finally. PM for hints if needed

rooted, finaly!

Foothold: You should take a look more carefuly at the parameters
User: Way hard than root. Sometimes you should take care of things from the inside, once you get it, you’ll get the job done.
Root: Stay at home :slight_smile:

Thanks for @clure @TazWake and @badman89 . This was hard, seriously.

Hello everyone leaned alot from this box although i still have a quick question. When I reattempt the box, as my second time… When generating the ssh key for user… I gets frozen half way while retrieving the key… I’m not sure why it won’t show the full key… only half of it and just stuck… missing other half of the key… any suggestions? Appreciate it.

Stuck trying to figure out how to get shell as the r*******s user, found the dev copy but no idea what remains vulnerable.

Edit: Found it, was wondering when I’d find a box with this! :smile:

Hi guys,
I’m currently shell as _****d but I cannot find a way to get to the correct user…
I saw the same service as the one I used to get my shell but it seems that the exploit have been fixed, I also got the file of the initial service but the code don’t help me more… any clue ?

@seniuus said:

Hi guys,
I’m currently shell as _****d but I cannot find a way to get to the correct user…
I saw the same service as the one I used to get my shell but it seems that the exploit have been fixed, I also got the file of the initial service but the code don’t help me more… any clue ?

Check how the new thing was started. It might lead you to discovering something that will help you get to where you want to go.

Type your comment> @HomeSen said:

@seniuus said:

Hi guys,
I’m currently shell as _****d but I cannot find a way to get to the correct user…
I saw the same service as the one I used to get my shell but it seems that the exploit have been fixed, I also got the file of the initial service but the code don’t help me more… any clue ?

Check how the new thing was started. It might lead you to discovering something that will help you get to where you want to go.

Yeah I tried the service locally, I tried searching in /pc to find info on the process but nothing (to see the new code) and I don’t have access to r.*******s directory, does it have smth to do with lc and hd ?

@seniuus said:

Type your comment> @HomeSen said:

@seniuus said:

Hi guys,
I’m currently shell as _****d but I cannot find a way to get to the correct user…
I saw the same service as the one I used to get my shell but it seems that the exploit have been fixed, I also got the file of the initial service but the code don’t help me more… any clue ?

Check how the new thing was started. It might lead you to discovering something that will help you get to where you want to go.

Yeah I tried the service locally, I tried searching in /pc to find info on the process but nothing (to see the new code) and I don’t have access to r.*******s directory, does it have smth to do with lc and hd ?

You are on the right track. I’ve PM’d you to avoid spoilers.

Hi, I’m having problems with foothold. I have RCE, I’ve tried some basic commands like id, cat or ls with options and no problem at all. I can even ** back to my system and get a connection but can’t spawn a shell, or if I’m spawning one I’ve no feedback at all. Any help?

Nevermind.

Need some help with the user, I am literally banging my head to the keyboard. I can see that the bug has been patched not sure where to go next?

Thanks in advance.

After days stuck in a rabbit hole on Delivery, now working again on this machine. But, as expected, as solid as poured concrete.

I have a reverse shell. I also found a hash, cracked it, but nevertheless this doesn’t help me escalate to the r. user

Also found a certain command / *** / *** exec / ***** I think I can do something with this, but I have no idea what.

So two concrete questions:

  1. Is this indeed very promising? If not what then?
  2. And if so, which logic / process should I follow?

Thank you in advance for your nudges

@mrZapp said:

After days stuck in a rabbit hole on Delivery, now working again on this machine. But, as expected, as solid as poured concrete.

I have a reverse shell. I also found a hash, cracked it, but nevertheless this doesn’t help me escalate to the r. user

Also found a certain command / *** / *** exec / ***** I think I can do something with this, but I have no idea what.

So two concrete questions:

  1. Is this indeed very promising? If not what then?
  2. And if so, which logic / process should I follow?

Thank you in advance for your nudges

It is. Check what it is doing. One of its features will help you advance to your goal.

Hey y’all. I’ve got the limited privilege shell and found the s** key for r.******* but not sure how to use it. Can anyone give me a nudge?

Type your comment> @Butterflyy said:

Hey y’all. I’ve got the limited privilege shell and found the s** key for r.******* but not sure how to use it. Can anyone give me a nudge?

you use ssh key files with this command
ssh -i FILE user@WHATEVER

no idea if ssh is a spoiler but 99% of boxes have it running so i wouldn’t think so

Not a fan of this box at the moment. Goes up and down and I’m pretty sure the way the box is configured all the massive scans going on ain’t helping.

Type your comment> @weeeeeeeeee said:

Not a fan of this box at the moment. Goes up and down and I’m pretty sure the way the box is configured all the massive scans going on ain’t helping.

Started a vip account… finished it with an hour of me signing up. amazing what you can get done.