Luanne — HackTheBox Writeup

Source

Synopsis

Skills Required

  • Web Enumeration
  • Lua Code Injection
  • NetBSD Enumeration

Skills Learned

  • Lua Code Injection
  • NetBSD Enumeration

Enumeration

Nmap
/robots.txt
gobuster
/forecast
city=list
weather report
supervisor
default creds
supervisor processes
processes
MSF

Initial Access

encoded payload
netcat listener
execute url
shell
password
hash algo
crack hash
http
http

Privilege Escalation — User

port 3000
curl localhost port
curl with creds
curl public_html
id_rsa
user shell
user flag

Privilege Escalation — root

doas conf
backup
gnupgp
decrypt
crack hash
root shell and flag

Quirks

supervisor version
cleanup.sh
crontab

References
