Mango

Let's taste it :)

MrR3boot
Learn | Hack | Have Fun

Comments

  • I like mangos

  • Cool, I'll start with this box later!!

    Hack The Box

  • No fucking way to do anything, guys are fucking raping the box and ddosing it...

  • I found a login portal but seems to be a rabbit hole. :)

    halisha

    --- I reply faster on Telegram @halishasec and [Discord Tavi #6865]
    --- Please specify the machine you're working at when messaging

  • I found search-engine-like functionality, not sure if it's a rabbit hole. It does point to a new technology.

    For asking help, please describe what you have tried so far, so I don't spoil too much.
    If you believe I was able to help, please provide feedback by giving respect:
    https://www.hackthebox.eu/home/users/profile/122308

  • I found a github repo and also don't know if it just might be a rabbithole...

  • This box needs good enumeration. Until now I only found rabbit holes :D

  • First blood gone...

  • Anyone at the v****/c******* structure?

  • already ordered mangos from whole foods twice.
    both deliveries are overdue tho.
    sad.

  • edited October 2019

    https: /a...tics.p.p

  • Happy diwali hackthebox

  • edited October 2019

    &login=login a little strange maybe h.dra.. or pata ..

  • edited October 2019

    Found an empty-looking, useless web server, one with the aforementioned "search engine like" stuff (along with an*****cs.p**) which yet again doesn't seem very useful, but it led to a third web server that seems the closest connection to the box's name and has a login.
    Gobuster found absolutely nothing on any, neither did manual enum. Any nudges / ideas maybe? Thanks

    rowra

  • edited October 2019

    I added codepen.io to the hosts file and an....php started working

    but maybe just a rabbit hole

  • Could that one guy please stop dos-ing the server? Thanks.

    :D

  • I've enumerated it in any way I could think of with dirs, files, ipv6, several payloads for the search field, look for vulnerabilities in all the files/folders I could think of...
    And I'm at the same point as a couple of hours ago when I started, so if anybody would like to throw some hints you are very welcome.

    Hack The Box

  • edited October 2019

    I don't think olap.flexmonster.com are funny to use /ana...php and connect to their elasticsearch server more and more

    ??
    Loading members...name: 300000 of 474710 loaded

    And hack the box server is fighting with tons of data maybe rabbit data

    I hope this is a rabbit hole I can create a query that run more days, kill htb server and flexmonster elasticsearch engine

  • Are we supposed to go to c**.f*********r.com linked from the an....php page or is it just a rabbit hole?

    Hack The Box

  • f*******r.com working in ana...php when connect to remote elasticsearch

  • Spent a lot of time analyzing unnecessary stuff.
    But like in a real pentest, you do not know in advance where the vulnerability is hidden.

    The same for root )

    tabacci

  • I think I found a user i*******y. Rabbit hole?

    Hack The Box

  • I'd suggest to at least hide somehow the external links on the box from hackthebox people. They could lead to misunderstandings and unintentional scans by mistake.

    Tohzzicklao

  • Found the login form and got the tables working, not seeing where to go next.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )

  • I am in the same spot after a few hours of enum and recon...

  • edited October 2019

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

  • @rholas said:

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

    You definitely should not be DDoS'ing any boxes, especially ones outside of the HTB network.

    clubby789

  • Rooted
    Big thanks to @v1p3r0u5 for the help and also to @MrR3boot for a great box. Learned a lot.
    @rholas I think a*******s.**p is not right path.

    kratek

  • @clubby789 said:

    @rholas said:

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

    You definitely should not be DDoS'ing any boxes, especially ones outside of the HTB network.

    This is a hack the box server not outside, but currently near crash state

  • @rholas said:

    @clubby789 said:

    @rholas said:

    I starting a very long query on elastic server, maybe need to ddos https://olap.flexmonster.com:9200 .

    fm-entities has more than 470 000 entries

    You definitely should not be DDoS'ing any boxes, especially ones outside of the HTB network.

    This is a hack the box server not outside, but currently near crash state

    Why do you think that? The rules explicitly say not to hack anything outside of 10.10.10.0/24

    clubby789
