Mango

How do you use a****s.? I get only errors

User was fun, root was 15minutes from that and I took a bathroom break.

Nice machine ! Learned some new stuff and thats the main reason why I’m here.

Type your comment> @Ketil said:

@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, cant stand them to be honest, and this box was not a friend of mine either. But I am none the less grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/ whatamathingy sorta thing.

User: Its not that it rhymes with Mango… but well. have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.

Next time, make a pineapple box! :stuck_out_tongue:

Word pun? Could be more difficult for non english people?

hello guys, someone managed to get a rev shell as root?

Type your comment> @IteXss said:

hello guys, someone managed to get a rev shell as root?

just give it what it needs to ssh

Type your comment> @v01t4ic said:

Type your comment> @IteXss said:

hello guys, someone managed to get a rev shell as root?

just give it what it needs to ssh

hmm, i get it, thank you mate!!

So: someone tells the only way is enumerate… someone else swear it is useless… someone says to look at mango, but non like a real mango… someone says to look at the certs… I ain’t like mangos anymore…
(and btw enumeration gave me only an…cs and 403 for s…r-s…s)

Spoiler Removed

Type your comment> @librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have

I need some help, I’ve found the login page, the ■■■■*****.*** file. But I truly don’t know how to proceed. I don’t see any information in the source that I can make use off, and i don’t know what to do. I seen some people talking about mon**.db but i dont see how people found this piece of information, can’t find anything too it.

Help appreciated !

keep in mind that a website can have multiple faces… so based on the request the webserver serves different content… so hammering port 80 might not show anything to you… but a “different” port 80 does…

Type your comment> @c0d3rV1J0 said:

Type your comment> @librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have

You are not going to find the login page that way go back to the very first thing you did in your enum go through it carefully and you will see it…

@H3L1OS

@H3L1OS said:
Type your comment> @c0d3rV1J0 said:

Type your comment> @librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have

You are not going to find the login page that way go back to the very first thing you did in your enum go through it carefully and you will see it…

Are you talking about nmap? If that is the case I guess it all depends on the flags I used? If you are talking about the certificate, I saw that link but I cannot go to it without an error.

Type your comment> @Ketil said:

@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, cant stand them to be honest, and this box was not a friend of mine either. But I am none the less grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/ whatamathingy sorta thing.

User: Its not that it rhymes with Mango… but well. have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.

Next time, make a pineapple box! :stuck_out_tongue:

Lol next box will be a Chocolate :stuck_out_tongue: Anyways thanks for the feedback. We have to name the boxes such a way that they can drive the people towards the technology that is being used in the box.

Interesting box! The only one where enumeration found me root, before it found me user. (That is, identified the user->root step immediately from looking at enum output)

@n4v1n said:
Sorry, I’m little late to the party, but honestly, I liked the Mango :slight_smile: @MrR3boot , thanks for the box bhai.

@NikolaITA said:
thanks @MrR3boot ! User was lovely and fun. Root pretty standard.

Glad you had fun :slight_smile:

@Salts Root before user ? impossible

Type your comment> @MrR3boot said:

@Salts Root before user ? impossible

No, misunderstanding. I mean to say that root was obvious before I figured out how to get into user, which is a first for me is all!

It was a cool box, I have very little experience working with uh… mangos that way. It was eye opening.

Hi. Got the login page. Made some magic and got the “under construction” page. No idea what shall I do with this page. Can I have some help?