Mango

Hint for anyone who is trying to find the login: don’t waste your time dirbusting, you will never find it this way. It will just lead you to frustration and nothing else.

@job0 said:

Thanks @MrR3boot, learned a couple of things :slight_smile: The route to user was quite fun (and thankfully it was not as much trouble as Player).

I quickly found my way to the “under construction” page, but got stuck there for some time. For anyone else in a similar position, my hint is that the vulnerability used to get there is correct but it needs an uplift. Perhaps taking a look at PayloadsAllTheThings would help (if you got to the under construction page you will know where to look in the repo).

Good work

@gall0ws said:
Thanks to @MrR3boot for the box, I enjoy custom exploits a lot and this one was really fun.

(silly OT: how can you rate machines? Is there an upvote/downvote system? What’s the star rating in the machine page?)

Glad you had a fun ride throughout.

Spoiler Removed

Hi guys, can anyone give me a hint on the initial foothold to user? Or is there a leap from the initial foothold to root directly? A bit weird that I can ssh in but not as the user I expected.

@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved Player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, can’t stand them to be honest, and this box was not a friend of mine either. But I am nonetheless grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/whatamathingy sorta thing.

User: It’s not that it rhymes with Mango… but well. Have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.

Next time, make a pineapple box! :stuck_out_tongue:

Sorry, I’m a little late to the party, but honestly, I liked the Mango :slight_smile: @MrR3boot, thanks for the box bhai.

Thanks @MrR3boot! User was lovely and fun. Root pretty standard.

How do you use a****s.? I get only errors

User was fun, root was 15 minutes from that and I took a bathroom break.

Nice machine! Learned some new stuff and that’s the main reason why I’m here.

@Ketil said:

@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved Player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, can’t stand them to be honest, and this box was not a friend of mine either. But I am nonetheless grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/whatamathingy sorta thing.

User: It’s not that it rhymes with Mango… but well. Have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.

Next time, make a pineapple box! :stuck_out_tongue:

Word pun? Could be more difficult for non-English people?

Hello guys, has someone managed to get a rev shell as root?

@IteXss said:

hello guys, someone managed to get a rev shell as root?

just give it what it needs to ssh

@v01t4ic said:

@IteXss said:

hello guys, someone managed to get a rev shell as root?

just give it what it needs to ssh

Hmm, I get it, thank you mate!!

So: someone says the only way is to enumerate… someone else swears it is useless… someone says to look at mango, but not like a real mango… someone says to look at the certs… I ain’t like mangos anymore…
(and btw enumeration gave me only an…cs and 403 for s…r-s…s)

Spoiler Removed

@librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

Same here, I have the Mango search page but I can’t seem to find any login page. I dirbed all the wordlists I have.

I need some help, I’ve found the login page, the ■■■■*****.*** file. But I truly don’t know how to proceed. I don’t see any information in the source that I can make use of, and I don’t know what to do. I’ve seen some people talking about mon**.db but I don’t see how people found this piece of information, can’t find anything to it.

Help appreciated!

Keep in mind that a website can have multiple faces… so based on the request the webserver serves different content… so hammering port 80 might not show anything to you… but a “different” port 80 does…