Thanks @MrR3boot, learned a couple of things. The route to user was quite fun (and thankfully it was not as much trouble as Player).
I quickly found my way to the “under construction” page, but got stuck there for some time. For anyone else in a similar position, my hint is that the vulnerability used to get there is correct but it needs an uplift. Perhaps taking a look at PayloadsAllTheThings would help (if you got to the under construction page you will know where to look in the repo).
Hey everyone! I am having a hard time trying to move forward. I am stuck on the mango search engine and the a*****.**p. Some help please! I am new at this! Thanks.
It’s been 3 weeks since I got into this wonderful world of pentesting. I’ve done a few machines here but this has been one of the most enjoyable ones for me so far. So great job on this box @mrR3boot!
I really struggled with a python script, everything seemed perfectly fine, but I got a different answer than I expected every time. It helped to pass an extra argument to a method somewhere (silly me).
I didn’t get a root shell but was able to get the root flag anyway. I assume it’s through the same escalation method though.
Hints: @olsv gave really good hints for the initial foothold.
root: it helps if you can code in a certain language
Finally rooted. That was a nice experience and definitely one more thing to take into account during enumeration. Thanks @mrR3boot
For those who are still struggling with the initial foothold:
User:
Don’t even try to brute by dictionary. There is absolutely no chance to do that.
Don’t trust your eyes - trust responses.
Don’t forget that some special chars have even more special meaning.
Root:
For some reason didn’t manage to spawn a local shell, but managed to spawn a reverse one. Once again don’t trust your eyes.
For those who still cannot get hints about fruit: try to play with letters.
I hope I don’t have to study a new query language…
If anyone can nudge that would be great. Been staring at login page and thinking about Mangos for too long now… not making a connection, or I am but not seeing it correctly.
If someone can DM me to make sure I am on the right path.
Nudge please, fairly new to this stuff so I’m stuck finding which direction to go. I’ve enumerated the ports and found the a*******ics page but that’s it.