Mango

Don’t be blind like me and check carefully S**d

@ZeWanderer said:

Hey, I’m also stuck at the mango search engine and a******.*** I could use a hint on finding the login everyone keeps mentioning.

If search is not that helpful, there might be something else on that machine that is very similar to the search, but less restrictive.

@olsv said:

Finally rooted. That was a nice experience and definitely one more thing to take into account during enumeration. Thanks @mrR3boot

For those who are still struggling with the initial foothold:

User:

  1. Don’t even try to brute-force by dictionary. There is absolutely no chance to do that.
  2. Don’t trust your eyes - trust responses.
  3. Don’t forget that some special chars have even more special meaning.

Root:

For some reason I didn’t manage to spawn a local shell, but managed to spawn a reverse one. Once again, don’t trust your eyes.

For those who still cannot get the hints about fruit: try to play with letters.

I hope I don’t have to study a new query language…

Thanks to @MrR3boot for the box, I enjoy custom exploits a lot and this one was really fun.

(silly OT: how can you rate machines? Is there an upvote/downvote system? What’s the star rating on the machine page?)

@BadRain said:

I hope I don’t have to study a new query language…

Nope. You can even do it manually, although you’ll quickly realize that a script is the way to go.

@gall0ws said:

Thanks to @MrR3boot for the box, I enjoy custom exploits a lot and this one was really fun.

(silly OT: how can you rate machines? Is there an upvote/downvote system? What’s the star rating on the machine page?)

Click the star in the machine list to give it a star rating.

@clubby789 said:

Click the star in the machine list to give it a star rating.

Cheers.
Actually I did it; I was expecting a popup or something, but apparently it just changes colour.

Rooted! Fun box, never anticipated that I’d need to use binary search for hacking :stuck_out_tongue:

Never got a root shell though (reverse or otherwise).

If anyone can nudge, that would be great. Been staring at the login page and thinking about Mangos for too long now… not making a connection, or I am but not seeing it correctly.

If someone can DM me to make sure I am on the right path.

Nudge please, I’m fairly new to this stuff so I’m stuck finding which direction to go. I’ve enumerated the ports and found the a*******ics page but that’s it.

Same here. Missing some of the obvious stuff, unable to find the login. Nudge please.

@nwn00b said:

Same here. Missing some of the obvious stuff, unable to find the login. Nudge please.

As far as nudge to find login, did you find any of the other pages? Basic webpage enum should help you find the different webpages people have mentioned including the login page. Now what to do with the login page… Still working on that one.

What wordlist did you use to find the login page? I tried a few big lists with gobuster; I only found the analyzer thing.

EDIT: Found it, just ignore best practice, like login pages on non-secured ports…

Go back, look at the cert you blindly accepted, then visit on both ports; maybe you shall find it.

Found a couple of users on the login page (a**** and m****) but no valuable info after logging in… Users are not valid for ssh.
Any nudge? Thanks
NVM: copy & paste was wrong… one of the users is valid.

Hint for anyone who is trying to find the login: don’t waste your time dirbusting, you will never find it this way. It will just lead you to frustration and nothing else.

@job0 said:

Thanks @MrR3boot, learned a couple of things :slight_smile: The route to user was quite fun (and thankfully it was not as much trouble as Player).

I quickly found my way to the “under construction” page, but got stuck there for some time. For anyone else in a similar position, my hint is that the vulnerability used to get there is correct but it needs an uplift. Perhaps taking a look at PayloadsAllTheThings would help (if you got to the under construction page you will know where to look in the repo).

Good work

@gall0ws said:
Thanks to @MrR3boot for the box, I enjoy custom exploits a lot and this one was really fun.

(silly OT: how can you rate machines? Is there an upvote/downvote system? What’s the star rating on the machine page?)

Glad you had fun ride throughout.

Hi guys, can anyone give me a hint on the initial foothold to user? Or is there a leap from the initial foothold to root directly? A bit weird that I can ssh in, but not as the user I expected.