hint for anyone who is trying to find login: don’t waste your time dirbusting, you will never find it this way. will just lead you to frustration and nothing else.
Type your comment> @job0 said:
Thanks @MrR3boot , learned couple things The route to user was quite fun (and thankfully it was not as much trouble as Player).
I quickly found my way to the “under construction” page, but got stuck there for some time. For anyone else in a similar position, my hint is that the vulnerability used to get there is correct but it needs an uplift. Perhaps taking a look at PayloadsAllTheThings would help (if you got to the under construction page you will know where to look in the repo).
Good work
@gall0ws said:
Thanks to @MrR3boot for the box, I enjoy a lot custom exploits and this one was really fun.(silly OT: how can you rate machines? Is there a upvote/downvote system? What’s the star rating in the machine page?)
Glad you had fun ride throughout.
Spoiler Removed
Hi guys can anyone give me a hint on initial footage to user? Or is there a leap from initial footage to root directly? A bit wired that I can ssh in but not the user I expected.
@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, cant stand them to be honest, and this box was not a friend of mine either. But I am none the less grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/ whatamathingy sorta thing.
User: Its not that it rhymes with Mango… but well. have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.
Next time, make a pineapple box!
Sorry, I’m little late to the party, but honestly, I liked the Mango @MrR3boot , thanks for the box bhai.
How do you use a****s.? I get only errors
User was fun, root was 15minutes from that and I took a bathroom break.
Nice machine ! Learned some new stuff and thats the main reason why I’m here.
Type your comment> @Ketil said:
@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, cant stand them to be honest, and this box was not a friend of mine either. But I am none the less grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/ whatamathingy sorta thing.User: Its not that it rhymes with Mango… but well. have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.Next time, make a pineapple box!
Word pun? Could be more difficult for non english people?
hello guys, someone managed to get a rev shell as root?
Type your comment> @IteXss said:
hello guys, someone managed to get a rev shell as root?
just give it what it needs to ssh
Type your comment> @v01t4ic said:
Type your comment> @IteXss said:
hello guys, someone managed to get a rev shell as root?
just give it what it needs to ssh
hmm, i get it, thank you mate!!
So: someone tells the only way is enumerate… someone else swear it is useless… someone says to look at mango, but non like a real mango… someone says to look at the certs… I ain’t like mangos anymore…
(and btw enumeration gave me only an…cs and 403 for s…r-s…s)
Spoiler Removed
Type your comment> @librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.
@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.
same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have
I need some help, I’ve found the login page, the ■■■■*****.*** file. But I truly don’t know how to proceed. I don’t see any information in the source that I can make use off, and i don’t know what to do. I seen some people talking about mon**.db but i dont see how people found this piece of information, can’t find anything too it.
Help appreciated !
keep in mind that a website can have multiple faces… so based on the request the webserver serves different content… so hammering port 80 might not show anything to you… but a “different” port 80 does…