Mango

Let's taste it :)

MrR3boot
Learn | Hack | Have Fun

Comments

  • I like mangos

  • cool, I'll start with this box later!!

    Hack The Box

  • No fucking way to do anything, guys are fucking raping the box and ddosing it...

  • I found a login portal but seems to be a rabbit hole. :)

    halisha

    --- I reply faster on Telegram @halishasec
    --- Please specify the machine you're working at when messaging

  • I found search engine like functionality, not sure if it's a rabbit hole. It does point to a new technology.

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • I found a github repo and also don't know if it just might be a rabbithole...

  • This box needs good enumeration. Until now I only found rabbit holes :D

  • First blood gone...

  • Anyone at the v****/c******* structure?

  • already ordered mangos from whole foods twice.
    both deliveries are overdue tho.
    sad.

  • edited October 27

    https: /a...tics.p.p

  • Happy Diwali hackthebox

  • edited October 27

    &login=login a little strange maybe h.dra.. or pata ..

  • edited October 27

    Found an empty looking useless web server, one with the aforementioned "search engine like" stuff (along with an*****cs.p**) which yet again doesn't seem very useful but it led to a third web serv that seems closest connection to the box's name and has a login.
    Gobuster found absolutely nothing on any, neither did manual enum. Any nudges / ideas maybe? Thanks

    rowra

  • edited October 27

    I added codepen.io to the hosts file and an....php started working

    but maybe just a rabbit hole

  • Could that one guy please stop dos-ing the server? Thanks.

    I don't know what I'm doing, but I'm having fun!

  • I've enumerated it in any way I could think of with dirs, files, ipv6, several payloads for the search field, look for vulnerabilities in all the files/folders I could think of...
    And I'm at the same point as a couple hours ago when I started, so if anybody would like to throw some hints you are very welcome.

    Hack The Box

  • edited October 27

    I don't think olap.flexmonster.com are funny to use /ana...php and connect to their elasticsearch server more and more

    ??
    Loading members...name: 300000 of 474710 loaded

    And hack the box server is fighting with tons of data maybe rabbit data

    I hope this is a rabbit hole I can create a query that run more days, kill htb server and flexmonster elasticsearch engine

  • Are we supposed to go to c**.f*********r.com linked from the an....php page or is it just a rabbit hole?

    Hack The Box

  • f*******r.com working in ana...php when connect to remote elasticsearch

  • Spent a lot of time by analyzing unnecessary stuff.
    But like in real pentest you do not know in advance where is vulnerability hidden.

    The same for root )

    tabacci

  • I think I found a user i*******y. Rabbit hole?

    Hack The Box

  • I'd suggest to at least hide somehow the external links on the box from hackthebox people. They could lead to misunderstandings and unintentional scans by mistake.

    Tohzzicklao

  • Found the login form and got the tables working, not seeing where to go next.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments). And remember to +respect me if I helped you ; )
  • I am in the same spot after few hours of enum and recon...

  • edited October 27

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

  • @rholas said:

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

    You definitely should not be DDoS'ing any boxes, especially ones outside of the HTB network.

    clubby789

  • Rooted
    Big thanks to @v1p3r0u5 for help and also to @MrR3boot for great box. Learned a lot
    @rholas I think a*******s.**p is not right path.

    kratek

  • @clubby789 said:

    @rholas said:

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

    You definitely should not be DDoS'ing any boxes, especially ones outside of the HTB network.

    This is a hack the box server not outside, but currently near crash state

  • @rholas said:

    @clubby789 said:

    @rholas said:

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

    You definitely should not be DDoS'ing any boxes, especially ones outside of the HTB network.

    This is a hack the box server not outside, but currently near crash state

    Why do you think that? The rules explicitly say not to hack anything outside of 10.10.10.0/24

    clubby789
