Official Luanne Discussion

Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.

There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.

@Hyp3rDrive said:

> Rooted. Wouldn’t mind having a chat with someone who got user without any hint / without reading the forum here.
>
> There’s a specific detail that I really only got by a random guess based on what someone said here. I’d like to know how I should have figured it out the “proper” way so I can learn something.

Others may disagree, but here’s my opinion. :wink:

The specific part you are talking about is somewhat artificial. Although in principle the way you “discover”, “guess” or “modify” that type of data is a common style of attack, in this specific case you’ll only see it work that way in a (partly) CTF-style box such as this one.

That being said, the learning experience of figuring it out is a valuable one if your goal is to learn and practice the tools and techniques of web pentesting.

Rooted. Not an easy one.

Struggling with parameter

I can get a shell, but I get disconnected after a few seconds. I tried a few things to work around that but have been unsuccessful so far. If someone has a few tricks to share that’d be cool :slight_smile:

Edit: I was trying to get a shell on port 9001 and kept being disconnected. I changed it to port 1234 and now it works like a charm.

Man. This thing has been rough. I finally managed to get to user, but now I’m struggling to find a way to root. Any tips on how to better enumerate this type of box?

If anyone could drop me a message, I am stuck on the foothold; done a lot of enum and tried changing things to get access to things. Will give more info over PM. Would be very much appreciated, thanks!

Rooted! Congrats @polarbearer, I learned a few new things!

Umm, I agree with the other discussion; (for me) it’s a bit hard to be an easy box.

Hello guys, I found r*t.t, but don’t know what to do then. Can someone help me?

Finally rooted. In retrospect, is this box easy? Yes, it is. There’s no crazy concept, no binary exploitation madness or 32-line commands with a million options that you need to put in order so your computer doesn’t crash, but… It’s really different from what’s usual on HTB.
Anyway, thanks @polarbearer!
Oh and big thanks to @cool4coder who assisted me along the way :slight_smile:

That box made me say ‘oof’ at the end of it. Keep after it and read the blog posts.
DM for nudges.

I learned a lot on this one. Thanks @polarbearer! A hint for root: pay attention to file types. As always, PM me for hints or discussion. Helping others learn helps me learn :smiley:

Stuck at the ‘attempt to call a nil value’. A nudge would be greatly appreciated.

Nice box! NetBSD was something new to me, so I had to learn a bunch of new stuff, which is exactly what I’m looking for. PM if you need a nudge!

I can’t seem to get anywhere on this box. Ran nmap and found a few ports. I also ran gobuster. Not seeing anything other than the login prompt. Can I get a hint or a nudge?

@MaximumBob said:

> I can’t seem to get anywhere on this box. Ran nmap and found a few ports. I also ran gobuster. Not seeing anything other than the login prompt. Can I get a hint or a nudge?

Look at nmap output again.

Hi all. I’ve been running dirbuster, and it’s picking up a bunch (20+ so far) subdirectories from other directories. Am I going down a rabbit hole here letting it continue? Some of the items look interesting.

@DaShan3 said:

> Hi all. I’ve been running dirbuster, and it’s picking up a bunch (20+ so far) subdirectories from other directories. Am I going down a rabbit hole here letting it continue? Some of the items look interesting.

Are you sure that dirbuster found something? Check the response codes.

@digusil said:

> @DaShan3 said:
>
> > Hi all. I’ve been running dirbuster, and it’s picking up a bunch (20+ so far) subdirectories from other directories. Am I going down a rabbit hole here letting it continue? Some of the items look interesting.
>
> Are you sure that dirbuster found something? Check the response codes.

Sent you a msg so I don’t spoil anything.

OK, so I have come across a page that tells me to use a command to provide some information. But I’m having trouble trying to get the command to work. A nudge from you more experienced folks would be appreciated!