Mango

Finally rooted. That was a nice experience and definitely one more thing to take into account during enumeration. Thanks @mrR3boot

For those who still struggling with the initial foothold:
User:

  1. Don’t even try to brute by dictionary. There is absolutely no chance to do that.
  2. Don’t trust your eyes - trust responses.
  3. Don’t forget that some special chars have even more special meaning.
    Root:
    For some reason didn’t manage to spawn local shell, but managed to spawn reverse. Once again don’t trust your eyes.

For those who still cannot get hints about fruit. Try to play with letters

Type your comment> @Ruri said:

Raise your hand if you’re tired of people thinking “cOnSiDeR tHe BoX nAmE” is a hint when there are roughly four million different kinds of software named after fruit…and apparently we are supposed to guess one…

there are different vowels in the alphabet…I understand your anger, the path to initial foothold is extremely annoying and requires a bit of dev-style thinking

Type your comment> @arrowsticino said:

This was a really fun box and a great learning experience. Kudos to @MrR3boot.

Obligatory hints.

User: very thorough enumeration is the key, knowing a bit of CS theory (and applying it in terms of code) really helps cutting down the time needed.
Root: I said “very thorough enumeration” for a reason.

:slight_smile:

@idomino said:
Joined the Mango club :slight_smile:

Last login: Thu Oct 10 08:33:27 2019
root@mango:~# id
uid=0(root) gid=0(root) groups=0(root)
root@mango:~#

Awesome box, thank you @MrR3boot !

Welcome to the Juicy World :stuck_out_tongue:

Type your comment> @olsv said:

Finally rooted. That was a nice experience and definitely one more thing to take into account during enumeration. Thanks @mrR3boot

For those who still struggling with the initial foothold:
User:

  1. Don’t even try to brute by dictionary. There is absolutely no chance to do that.
  2. Don’t trust your eyes - trust responses.
  3. Don’t forget that some special chars have even more special meaning.
    Root:
    For some reason didn’t manage to spawn local shell, but managed to spawn reverse. Once again don’t trust your eyes.

For those who still cannot get hints about fruit. Try to play with letters

Welcome to the Mango club :slight_smile:

Type your comment> @ow1joker said:

Raise your hand if you spent far too long writing something in python, just for it to continue to let you down…

Please keep in mind all this is based on I assuming you wrote the same thing I did and you first screwed up the same thing I did. You might want to add a single ^ to the right position and/or check what you exclude. Tiny tiny changes make huge differences :slight_smile:

@Ruri you’re goin the wrong way. It’s not a hint that the thing is named after a fruit. It’s named /almost/ after the box. Consider it a… typo?

Thanks @MrR3boot for the box this interesting box!

Really liked user part though had to ask for nudges. Need to add colors to my exploit fork to make it look even better =)

Root is much simpler

rooted!! i think player is easier than that :stuck_out_tongue:

Type your comment> @v01t4ic said:

Thanks @MrR3boot for the box this interesting box!

Really liked user part though had to ask for nudges. Need to add colors to my exploit fork to make it look even better =)

Root is much simpler

Glad you enjoyed it :slight_smile:

@ngaswam said:
rooted!! i think player is easier than that :stuck_out_tongue:

Are you serious ? for me Player is nightmare lol :stuck_out_tongue:

This one took some time, in the end I loved it and learned a lot. Thank you!

Thanks @MrR3boot , learned couple things :slight_smile: The route to user was quite fun (and thankfully it was not as much trouble as Player).

I quickly found my way to the “under construction” page, but got stuck there for some time. For anyone else in a similar position, my hint is that the vulnerability used to get there is correct but it needs an uplift. Perhaps taking a look at PayloadsAllTheThings would help (if you got to the under construction page you will know where to look in the repo).

Hey guys! I am in need of help, searchengine and a**t. found, unable to find the login page can anyone give me a hint? :slight_smile:

I’m stuck in the privesc part… Any hint is welcome PM
Thanks!

Spoiler Removed

Thanks to @rholas and @joshibeast for open my mind.

Rooted.
VERY enjoyable box. Thank you @MrR3boot

Hints:
User: This Mango is not really a mango… it’s something more “known” to us. :wink:
Root: Your usual enumeration should highlight your target.

Happy to help if anyone needs a hint.

@naveen1729 said:
Type your comment> @rholas said:

(Quote)
being too literal, consider a “fuzzy match”

Bro your a Genius!!!

Just now reading on how to approach the sweet fruit and your hint is spot on !

Hey everyone! I am having a hard time trying to move forward. I am stuck on the mango search engine and the a*****.**p. Some help please! I am new at this! Thanks.

It’s been 3 weeks since I got into this wonderful world of pentesting. I’ve done a few machines here but his has been one of the most enjoyable ones for me so far. So great job on this box @mrR3boot!

I really struggled with a python script, everything seemed perfectly fine, but I got a different answer than I expected every time. It helped to pass an extra argument to a method somewhere (silly me).

I didn’t get a root shell but was able to get the root flag anyway. I assume it’s through the same escalation method though.

Hints:
@olsv gave a really good hints for the initial foothold.

root: it helps if you can code in a certain language