Mango

Let’s taste it :slight_smile:

I like mangos

cool, ill start with this box later!!

No fucking way to do anything, guys are fucking raping the box and ddosing it…

I found a login portal but seems to be a rabbit hole. :slight_smile:

I found search engine like functionality, not sure if it’s a rabbithole, It does point to a new technology.

I found a github repo and also don’t know if it just might be a rabbithole…

This box needs good enumeration. Until now I only found rabbit holes :smiley:

First blood gone…

Anyone at the v****/c******* structure?

already ordered mangos from whole foods twice.
both deliveries are overdue tho.
sad.

https: /a…tics.p.p

Happy diwali hackthebox

&login=login a little strange maybe h.dra… or pata …

Found an empty looking useless web server, one with the aforementioned “search engine like” stuff (along with an***cs.p) which yet again doesn’t seem very useful but it led to a third web serv that seems closest connection to the box’s name and has a login.
Gobuster found absolutely nothing on any, neither did manual enum. Any nudges / ideas maybe? Thanks

I add codepen.io to hosts file and an…php start working

but maybe just a rabbit hole

Could that one guy please stop dos-ing the server? Thanks.

I’ve enumerated it in any way I could think of with dirs, files, ipv6, several payloads for the search field, look for vulnerabilities in all the files/folders I could think of…
And I’m at the same point than a couple hours ago when I started, so if anybody would like to throw some hints you are very welcome.

I dont think olap.flexmonster.com are funny to use /ana…php and connect to there elasticsearch server more and more

??
Loading members…name: 300000 of 474710 loaded

And hack the box server is fighting with tons of data maybe rabbit data

I hope this is a rabbit hole I can create a query that run more days, kill htb server and flexmonster elasticsearch engine

Are we supposedd to go to c**.f*********r.com linked from the an…php page or is it just a rabbit hole?