Mango

yo I'm stuck in the rabbit hole, any tips?

Unable to go further than a search engine and an axxxxxtx.php page, please someone help me with a nudge? TIA :slight_smile:

@n4v1n said:

Unable to go further than a search engine and an axxxxxtx.php page, please someone help me with a nudge? TIA :slight_smile:

same boat =) would appreciate a nudge

edit: found it! thanks to @dontknow

@n4v1n said:

Unable to go further than a search engine and an axxxxxtx.php page, please someone help me with a nudge? TIA :slight_smile:

What else could you check about an https page that might hold some information? Something you’re supposed to check anyway if you get an invalid ********* error :slight_smile:

This was a really fun box and a great learning experience. Kudos to @MrR3boot.

Obligatory hints.

User: very thorough enumeration is the key, knowing a bit of CS theory (and applying it in terms of code) really helps cutting down the time needed.
Root: I said “very thorough enumeration” for a reason.

Can someone help me on this box please?

@rowra said:
@n4v1n said:

Unable to go further than a search engine and an axxxxxtx.php page, please someone help me with a nudge? TIA :slight_smile:

What else could you check about an https page that might hold some information? Something you’re supposed to check anyway if you get an invalid ********* error :slight_smile:

Could you explain a little bit further? I have no idea what you are talking about D:
Thanks!

@dvargasj said:

@rowra said:
@n4v1n said:

Unable to go further than a search engine and an axxxxxtx.php page, please someone help me with a nudge? TIA :slight_smile:

What else could you check about an https page that might hold some information? Something you’re supposed to check anyway if you get an invalid ********* error :slight_smile:

Could you explain a little bit further? I have no idea what you are talking about D:
Thanks!

When you opened port 443, Firefox likely gave you an error, which you probably ignored. Have a look at the details of the error.

rooted

PM for Nuggets

Last login: Thu Oct 10 08:33:27 2019
root@mango:~# id
uid=0(root) gid=0(root) groups=0(root)

thanks to all friends who patiently were on my site and helped me :smiley: :smiley: and also thanks to box creator for the learning experience.

Fun box. In the last step, the first thing you try may not work, but it should be fairly obvious what to try.

@clubby789 said:

@dvargasj said:

@rowra said:
@n4v1n said:

Unable to go further than a search engine and an axxxxxtx.php page, please someone help me with a nudge? TIA :slight_smile:

What else could you check about an https page that might hold some information? Something you’re supposed to check anyway if you get an invalid ********* error :slight_smile:

Could you explain a little bit further? I have no idea what you are talking about D:
Thanks!

When you opened port 443, Firefox likely gave you an error, which you probably ignored. Have a look at the details of the error.

Got it, thanks!

Can someone give me a nudge for the initial foothold with the mango hint?

Joined the Mango club :slight_smile:

Last login: Thu Oct 10 08:33:27 2019
root@mango:~# id
uid=0(root) gid=0(root) groups=0(root)
root@mango:~#

Awesome box, thank you @MrR3boot !

Rooted and the mango is delicious

User: Consider the box name once you reached the login page

root: enumeration will help you [gtfobins]

Raise your hand if you spent far too long writing something in python, just for it to continue to let you down…

Raise your hand if you’re tired of people thinking “cOnSiDeR tHe BoX nAmE” is a hint when there are roughly four million different kinds of software named after fruit…and apparently we are supposed to guess one…

Finally rooted. That was a nice experience and definitely one more thing to take into account during enumeration. Thanks @mrR3boot

For those who are still struggling with the initial foothold:
User:

  1. Don’t even try to brute by dictionary. There is absolutely no chance to do that.
  2. Don’t trust your eyes - trust responses.
  3. Don’t forget that some special chars have even more special meaning.

Root:
For some reason didn’t manage to spawn local shell, but managed to spawn reverse. Once again don’t trust your eyes.

For those who still cannot get hints about fruit. Try to play with letters

@Ruri said:

Raise your hand if you’re tired of people thinking “cOnSiDeR tHe BoX nAmE” is a hint when there are roughly four million different kinds of software named after fruit…and apparently we are supposed to guess one…

there are different vowels in the alphabet…I understand your anger, the path to initial foothold is extremely annoying and requires a bit of dev-style thinking

@arrowsticino said:

This was a really fun box and a great learning experience. Kudos to @MrR3boot.

Obligatory hints.

User: very thorough enumeration is the key, knowing a bit of CS theory (and applying it in terms of code) really helps cutting down the time needed.
Root: I said “very thorough enumeration” for a reason.

:slight_smile: