Mango


Comments

  • @n4v1n said:
    Sorry, I'm a little late to the party, but honestly, I liked the Mango :) @MrR3boot, thanks for the box bhai.

    @NikolaITA said:
    thanks @MrR3boot ! User was lovely and fun. Root pretty standard.

    Glad you had fun :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited October 2019

    @Salts Root before user ? impossible

    MrR3boot
    Learn | Hack | Have Fun

  • @MrR3boot said:

    @Salts Root before user ? impossible

    No, misunderstanding. I mean to say that root was obvious before I figured out how to get into user, which is a first for me is all!

    It was a cool box, I have very little experience working with uh.. mangos that way. It was eye opening.

  • Hi. Got the login page. Made some magic and got the "under construction" page. No idea what I shall do with this page. Can I have some help?

  • @p3tj3v said:

    keep in mind that a website can have multiple faces... so based on the request the webserver serves different content.. so hammering port 80 might not show anything to you... but a "different" port 80 does..

    Honestly, I completely excluded that approach from the beginning, 'cause I thought it was pointless under this kind of network. Obviously I was wrong. Thank you ;)

    BadRain

  • edited October 2019

    The way to get "juice" out from the mango is to "extract".

    limbernie
    Write-ups | Discord - limbernie#0386

  • Nice box! Tips for user:
    -mAnGo iS a HiNt
    -Don't use bruteforce (it's useless). Create a script.

    Root:
    -Standard enum

    Tohzzicklao

  • @limbernie said:
    The way to get "juice" out from the mango is to "extract".

    You extracted the Theme of the box. Well done :)

    MrR3boot
    Learn | Hack | Have Fun

  • @H3L1OS said:

    @c0d3rV1J0 said:

    @librab103 said:

    Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

    Same here, I have the Mango search page but I can't seem to find any login page. I dirb all wordlists I have.

    You are not going to find the login page that way. Go back to the very first thing you did in your enum, go through it carefully and you will see it...

    @p3tj3v said:
    keep in mind that a website can have multiple faces... so based on the request the webserver serves different content.. so hammering port 80 might not show anything to you... but a "different" port 80 does..

    Very helpful and on point..... really good tips in these posts.. this is an awesome box.. definitely lots of fun..

  • edited October 2019

    Think I have the correct directory for the login page due to some convenient python scripts on pastebin. However, the url does not work. Very confused... Tried both ports. s******-****r.m****.**b/i****.*** right?

  • How did you guys go to the staging? I'm just in the live folder always.

  • Got the root flag without logging in as "root" :)

  • Figured out how to get to the lgn page...
    Now what? I've read that a script to enumerate the backend system is needed.
    Where to start??

    Day 2, still no shell...

  • Are there any write-ups you can point to that are like Mango that I can look at?

    Hack The Box

  • Staring at login page, think I get what the name is about, higher port isn't open and tried legit logins and '- logins. Anyone can give me a nudge?

    prutz

  • Well, I am officially insanely stuck. I found the login page but despite the clues about the box name I have no idea where to go from here. Would appreciate a DM nudge if anyone would be so kind.

  • I got "under construction", any hints?

  • H******y could be the key to move on?

    BadRain

  • Spoiler Removed

  • Root:
    1. You don't have to priv esc, use the available tools in the system using your current user account.
    Thanks to @rholas

  • I am new to this and this has definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how I can log in as root.

  • still stuck at the login page, few suggestions are appreciated :D

    Hack The Box

  • For people who have no idea where to begin once u get the login page

    The box is named for a reason .. Once u get that hint
    there is a good blogpost literally explaining the entire user process :)

  • Just get user & love this box, ty

  • Learning a new technique of web attacks. I will just be a Mango lover. :) Let me know if you need some help. Thank you to the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

    idealphase

  • @KryptoTheHippo said:
    Just get user & love this box, ty

    @idealphase said:
    Learning a new technique of web attacks. I will just be a Mango lover. :) Let me know if you need some help. Thank you to the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

    Have a bite of Mango now :)

    MrR3boot
    Learn | Hack | Have Fun

  • hg8hg8
    edited November 2019

    Got a**** user and its password.... but what now ? I tried to enumerate other usernames with no luck. Am I missing out something ? Any little nudge appreciated.

    Never mind figured it out! Messed my usernames enum.

  • Spoiler Removed

  • @wifislax said:
    I am new to this and this has definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how I can log in as root.

    You can read files, and you can write them too..
    think about providing the .ssh folder what it needs to accept you

  • Finally logged in as root. Thanks everybody and @MrR3boot for the juicy learning experience.
