Luanne
Luanne
Luanne 302
Luanne
RETIRED MACHINE

Luanne

Luanne - Other Other
Luanne - Easy Easy

2.6

MACHINE RATING

5133

USER OWNS

5059

SYSTEM OWNS

28/11/2020

RELEASED
Created by polarbearer

Machine Synopsis

Luanne is an easy difficulty NetBSD Linux machine. Network enumeration reveals a Medusa Supervisor Process Manager that is found to be using the default login credentials. Enumeration of a monitoring script that is accessible from the Supervisor Process Manager reveals a Lua script that is vulnerable to code injection. It is running in a custom weather web application on a `bozohttpd` server. A second misconfigured `bozohttpd` server that is found to be running in development mode, which is leveraged to obtain the private SSH key for the system user `r.michaels`. Using `netpgp`, we can decrypt an encrypted `tar` backup file that contains the password for the user `r.michaels`, who is found to be able to execute commands as root, using the command `doas`.

Machine Matrix

Ready to start your
hacking journey?