Mango

Type your comment> @c0d3rV1J0 said:

Type your comment> @librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have

You are not going to find the login page that way go back to the very first thing you did in your enum go through it carefully and you will see it…

@H3L1OS

@H3L1OS said:
Type your comment> @c0d3rV1J0 said:

Type your comment> @librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have

You are not going to find the login page that way go back to the very first thing you did in your enum go through it carefully and you will see it…

Are you talking about nmap? If that is the case I guess it all depends on the flags I used? If you are talking about the certificate, I saw that link but I cannot go to it without an error.

Type your comment> @Ketil said:

@MrR3boot first of all, thanks/dhanyavad for being a content creator, that is commendable and should not be taken lightly.
I loved player and had a great amount of fun, but the naming of this box was a bit of an omen I guess. I don’t touch mangoes, cant stand them to be honest, and this box was not a friend of mine either. But I am none the less grateful for your contribution.
The initial leap was a bit too much of a guess/assumption/ whatamathingy sorta thing.

User: Its not that it rhymes with Mango… but well. have a look at the hints in the forum
Root: pretty standard enum stuff, what stands out, what do you not expect to see.

Next time, make a pineapple box! :stuck_out_tongue:

Lol next box will be a Chocolate :stuck_out_tongue: Anyways thanks for the feedback. We have to name the boxes such a way that they can drive the people towards the technology that is being used in the box.

Interesting box! The only one where enumeration found me root, before it found me user. (That is, identified the user->root step immediately from looking at enum output)

@n4v1n said:
Sorry, I’m little late to the party, but honestly, I liked the Mango :slight_smile: @MrR3boot , thanks for the box bhai.

@NikolaITA said:
thanks @MrR3boot ! User was lovely and fun. Root pretty standard.

Glad you had fun :slight_smile:

@Salts Root before user ? impossible

Type your comment> @MrR3boot said:

@Salts Root before user ? impossible

No, misunderstanding. I mean to say that root was obvious before I figured out how to get into user, which is a first for me is all!

It was a cool box, I have very little experience working with uh… mangos that way. It was eye opening.

Hi. Got the login page. Made some magic and got the “under construction” page. No idea what shall I do with this page. Can I have some help?

Type your comment> @p3tj3v said:

keep in mind that a website can have multiple faces… so based on the request the webserver serves different content… so hammering port 80 might not show anything to you… but a “different” port 80 does…

Honestly, I completely excluded that approach from the beginning, 'cause I thought was pointless under this kind of network. Obviously I was wrong. Thank you :wink:

The way to get “juice” out from the mango is to “extract”.

Nice box! Tips for user:
-mAnGo iS a HiNt
-Don’t use bruteforce (it’s useless). Create a script.

Root:
-Standard enum

@limbernie said:
The way to get “juice” out from the mango is to “extract”.

You extracted the Theme of the box. Well done :slight_smile:

Type your comment> @H3L1OS said:

Type your comment> @c0d3rV1J0 said:

Type your comment> @librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

@librab103 said:
Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

same here i have mango search page but i cant seems to find any login page. i dirb all wordlists i have

You are not going to find the login page that way go back to the very first thing you did in your enum go through it carefully and you will see it…

@p3tj3v said:
keep in mind that a website can have multiple faces… so based on the request the webserver serves different content… so hammering port 80 might not show anything to you… but a “different” port 80 does…

Very helpful and on point… really good tips in these posts… this is an awesome box… definitely lots of fun…

Think I have the correct directory for the login page due to some convenient python scripts on pastebin. However, the url does not work. Very confused… Tried both ports. s******-r.m.b/i**.*** right?

How did you guys go to the staging? I’m just in the live folder always.

Got the root flag without logging in as “root” :slight_smile:

Figured out how to get to the lgn page…
Now what? I’ve read that a script to enumerate the backend system is needed.
Where to start??

Day 2, still no shell…

Are there any write-ups you can point to that is like Mango that I can look at?

staring at login page, think I get what the name is about , higher port isn’t open and tried legit logins and '- logins. Anyone can give me a nudge?

Well, I am officially insanely stuck. I found the login page but despite the clues about the box name I have no idea where to go from here. Would appreciate a DM nudge if anyone would be so kind.