Mango

Comments

  • edited January 23

    looks like i am missing exactly one special char in the enumeration. i know the length of the password and i have all length - 1 positions. but i am not able to find the last char of m**** password.

    edit: wow, my bad. messed up the regex.. in this case, another fruit helped me to solve it. i just went away to get an apple and bam, then i found my mistake.

  • Rooted. This was my first medium-ish box and I learned more from this than any box I've done yet. Got stuck in a bunch of places, but patience and taking much-needed breaks after smashing my head against the wall helped. I had used the underlying mango technology before, but learning how to "extract" the "juice" from it was so educational and cool.

    Got a little stuck on root. Enum and once you notice what is sticking out, you're probably on the right trick. Just be persistent. It might be a tricky little bugger to GTFO it to do what you want.

    Thanks @MrR3boot

  • edited January 24

    Stuck on the login page, don't know what to do next. A little help please, everyone. :(

  • Think of what we do on a login page (just combine that thought with box name). Good Luck

    MrR3boot
    Learn | Hack | Have Fun

  • Aaaaand done. Thx to @MrR3boot for this great machine and to @H4ck3d5p4c3 for helping me

  • Rooted. Feel free to PM me if you need a nudge :)

  • edited January 24

    Rooted, ty @H4ck3d5p4c3, if someone needs help feel free to pm me
    Nc box @MrR3boot

    User: python script made your work simple, Mango it's not real Mango, change 1 word
    Root: gtfobins

  • edited January 25

    Please need bump for initial foothold / user. Found login page and tried MANY in******n techniques, but have gotten nowhere. Please help.

    EDIT:
    Just rooted, thank you so much to @4v3r4g3 for giving me the bump to get me to user.
    I personally found user extremely difficult, but getting from user to root took about 30min.
    However, I never spawned root shell - that proved hard.
    Thanks for another great box @MrR3boot

    Hack The Box

  • rooted

    Foothold is hard to figure out if you're not dealing with backend tech much.
    I mean all those comments about the relation to the site/fruit name weren't much of a clue (well they were ... after i found how to exploit).

    The only reasonable hint was mentioning PayloadAll*
    So i'll repeat this as my hint once again:
    don't focus on the fruit/name clue - go to the methodology (mentioned above), and check how to enumerate in different technologies.

  • Good box learnt some new things. User was pretty annoying because there are several rabbit holes. Once you've got the login page focus on that exclusively, forget the other subdomains. It's not mentioned in any of the solutions but it IS in fact possible to figure out the underlying tech using dir/file bruteforcing (if you hadn't had any hints from the forums or box name). There is a certain file ins******.j*on that gives you the info. As for the script, don't exclude special chars, just escape them.

    Popping a root shell is simple. No need to mess around with ssh keys at all like a lot of ppl mention (in real life most boxes have root ssh disabled anyways so that'd be useless). bash -p is your friend.

  • New to this type of box. Anybody got any nudges on how to even get started? or where to even begin? Enumeration got me to login page and the a****s.php page but all this mango talk has me confused.

  • Hello,
    I need help. i extracted password from my python script. Impossible for me to use them with SSH.
    Maybe a special char is missing in my password ...
    Please PM for more explanations.
    Thanks!

  • Thx @mRr3b00t for these lessons.
    Rooted. Root is easier than user.
    Python is your best friend. Be careful with your alphabet.
    As usual, PM for nuggets.

  • Can someone PM me a hint for the initial foothold.

  • Rooted :)
    Thanks to @AlexLTN for the hint. A char was missing in my payload.
    PM me for hints.

  • edited January 31

    Can someone give me a hint on the initial foothold? I found s-.mango.htb and added it to my hosts file. But I have no luck exploring it... Any help is appreciated.

    edit: Spelling is important... :blush:

  • Finally rooted, User part was a little hard and root part was so easy, Learnt a lot.

    Hints:

    • User: Box name
    • Root: Linenum.sh, GTFOBins

    Feel free to PM me if faced with any problem ;D

  • Hey, I am on the login page trying to dump passwords from m*ngo, but it doesn't seem to work at all, I tried manually with burp and also tried the script from the repo which everybody is talking about - but no success. Some help ..?

  • Asking for assistance with the initial foothold. currently trying to figure out how to use python or intr on brp to get creds. I am not understanding this methodology. can someone share a link or help me understand what i'm doing wrong? I found ns*l.py online but i've only been getting false negatives....or i'm not running it right....i'm not sure. this box is tough.

  • Hi, I use a custom python script based on previous tips, but no luck on retrieving m**** user password... I believe that I have successfully treated special chars, as well as '^' char...I could really use some help

    Thanks in advance

  • I got root on Mango, but I am not happy with how I got it... (reading the flag)

    Did anybody manage to get a reverse shell working on root? If so, can you ping me?

    root.txt
    8a8ef7###########9ab15

  • @squid22 said:

    I got root on Mango, but I am not happy with how I got it... (reading the flag)

    Did anybody manage to get a reverse shell working on root? If so, can you ping me?

    root.txt
    8a8ef7###########9ab15

    You can get a root shell by using basically the same approach as you used for reading the flag, but instead of reading it, writing a private key and then ssh'ing in.

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • @TazWake said:

    @squid22 said:

    I got root on Mango, but I am not happy with how I got it... (reading the flag)

    Did anybody manage to get a reverse shell working on root? If so, can you ping me?

    root.txt
    8a8ef7###########9ab15

    You can get a root shell by using basically the same approach as you used for reading the flag, but instead of reading it, writing a private key and then ssh'ing in.

    LOL!!! that's true... why didn't I think of that. I guess I was way too focused on the reverse shell.... Thank you @TazWake

  • I got a 302 status code in burp. How can I use burp intruder to brute force the credentials? Any hints pls.

  • ROOTED. User was a royal pain in the a$$ but i did pick up a new technique and thanks to the nudges from @s4ma3l and @KGG on getting the initial foothold. like everyone said, Root was so much simpler. didn't need to use reverse shell or private keys....i simply just GTFOH. PM for nudges and i'll spread the love.

  • I just got initial foothold. The way to those initial creds has got to be the most satisfying enum/exploit ever! 😋

    Feel free to PM me if you get stuck on login page.

  • Aaaand rooted. Great fun this box! :D

  • Breaking down and asking for a nudge, kick or push for Mango. Trying to get user credentials and stuck. Thanks

  • edited February 2

    Got the user, thanks @sAlsharif for the help, I didn't realize to include some chars ... in the script

    Also rooted, in a short time you get the root, much easier than the user part.

    Funny!

  • Got root! like a lot of people in here, getting initial user(s) was really hard, even if I got clues with com***er.
    After that it's (almost) a piece of cake !

    Thanks for the box !
