Mango

18911131423

Comments

  • Nice box. learnt a lot. anyone who needs help can Dm me

  • Rooted! Feel free to contact me for hints :)

  • For the privesc to root, if you're not seeing what you think you should be seeing in the "basic enumeration" part. Make sure your scripts are up to date, lost 2 hours to trawling the output thinking i must be missing something super basic..

    Mech

  • edited November 2019

    need a little help with the creds part.. My script gives some wrong creds with $ in the end

    Done!
    Rooted

  • Nice machine.
    Its a bit of a pity that the name gives direction just like that. Enumerating required details would make it more challenging. However I understand the requirement, that the machine name itself should be a hint.
    Enjoyed -:)

    m4rc1n

  • Rooted
    Very interesting machine
    Thank you

  • edited November 2019

    Hello,
    With some help from Google and other resources I've been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I'm not able to login).

    I can't tell if I've got something wrong with the script. I'm not sure why I could enumerate the users, but I can't do the same for the passwords.
    So any help would be greatly appreaciated since I've spent 2 days on this box ( pretty new to this kind of stuff )

    Thanks

    Edit: I just found the password for one user, but I still can't find it for the more privileged user

    Edit 2: nvm, I got it

  • Type your comment> @JigglyByt3 said:

    Hello,
    With some help from Google and other resources I've been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I'm not able to login).

    I can't tell if I've got something wrong with the script. I'm not sure why I could enumerate the users, but I can't do the same for the passwords.
    So any help would be greatly appreaciated since I've spent 2 days on this box ( pretty new to this kind of stuff )

    Thanks

    Can your script handle non-alphanumeric characters?

    bumika

  • Type your comment> @bumika said:

    Type your comment> @JigglyByt3 said:

    Hello,
    With some help from Google and other resources I've been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I'm not able to login).

    I can't tell if I've got something wrong with the script. I'm not sure why I could enumerate the users, but I can't do the same for the passwords.
    So any help would be greatly appreaciated since I've spent 2 days on this box ( pretty new to this kind of stuff )

    Thanks

    Can your script handle non-alphanumeric characters?

    Yes, I figured it out in the end.
    Thanks for the initiative anyway :)

  • This was a fun one, thank you :)

  • rooted! a********.p** i suppose that is rabbit hole. Box name is big hint.
    pm for any hint

  • There is a script on github that make the user part easier than a lot of boxes :))) You just need to know how to search after you've found the back-end service :)))

    zaBogdan

    If you need help with the boxes, pm me on Discord, zaBogdan#3458, I always forget to respond on form

  • Drank mango flavored white claws during user and ended with a shot of mango vodka and mango slices upon r00t.

  • User and rooted. GTFO for root

  • rooted thanx for hint. @bumika you are my master :))

  • edited November 2019

    So I found the login page. (Super simple) but past that I have no idea how to get the users/passwords. Can some one please DM me some assistance.

    NVM @blay thanks for the assist.

  • Finally rooted, fun machine :)

    Didn't manage to get a root shell, can someone who did ping me?

  • Can't do much with this box, it keeps dropping connection every few minutes. I'm on VIP network as well, so I doubt it's a Dos. Found the login page and /v***** but not sure what to do with it. Tried running a python script from PayloadsAllTheThings but not getting much reponse as it keeps timing out.

    cerbersec.com

  • Rooted!
    Was Fun, thanks @MrR3boot for the tasty fruits, really enjoyed them.
    Thanks to @donkeysnore for the help with building of the script.

    Feel free to PM me for some help.
    PS: Sorry, discounts codes for the CyberTruck are exhausted.


    Check out my blog
    Always happy to help! but please consider dropping some respect. ^^

  • edited November 2019

    Type your comment> @dnperfors said:

    I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not.
    Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machine since normally you don’t know the technology either.

    Are there any tools like sqlmap to detect these kind of technology? (Can someone pm me the answer?)

    Root was rather easy, the default enum tool called it “interesting” and after that it was quickly over...

    which enum tool are you using> LE.s*?

  • got user thanks to @SolidTuba
    now i'm stuck on the root part
    could anyone help me with this ? i've found a file '**s' in which i think i've got to use G***BINS but i'm stuck here

  • Type your comment> @c00de said:

    got user thanks to @SolidTuba
    now i'm stuck on the root part
    could anyone help me with this ? i've found a file '**s' in which i think i've got to use G***BINS but i'm stuck here

    Rooted, didn't except the root to be way easier than the user
    if anyone needs help can contact me

  • edited November 2019

    Can someone PM me a hint?
    I got the login page and I think to know what DB is behind it. I am pretty stuck now. I think I have also found some rabbit holes..

  • Initial foothold was challenging for me but I can see where to improve my enumeration. Root is pretty simple. Thanks to @blay for helping me out

  • I still didnt even find login page, I tried 700k wordlist no luck. Anyone help ?

    noi

  • Type your comment> @noi said:

    I still didnt even find login page, I tried 700k wordlist no luck. Anyone help ?

    look at what you agreed with when you went to https

  • Spoiler Removed

    Reach me on Discord: n3b0r#2873

  • Man this one was a blast.. Good job on the maker.

    Hack The Box

  • edited November 2019

    Got user and finally root, GTFOBins was helpful. Great box! Thanks to @bumika and @c00de for hints and tips for user. PM for hints if you are stuck.

    Hack The Box

  • Would somebody be willing to look over my python script and point out any obvious issues? I'm generating password combinations but when I try to enter my final pwd it's not working the way that is expected.

Sign In to comment.