Mango

@limbernie said:
The way to get “juice” out from the mango is to “extract”.

You extracted the Theme of the box. Well done :slight_smile:

@H3L1OS said:

@c0d3rV1J0 said:

@librab103 said:

Hello all. I must be doing something wrong. Like most I found the Mango search page but not the login page or other pages. I checked the certificate and saw the one link but I get an error trying to connect to it. I tried to resolve the link by adding it to my localhost file with no use. I was going to try dirbuster but I see that is not the right direction. I am currently running nikto on both ports and so far nothing. A point in the right direction would be helpful.

Same here, I have the Mango search page but I can't seem to find any login page. I dirb all wordlists I have.

You are not going to find the login page that way. Go back to the very first thing you did in your enum, go through it carefully and you will see it…

@p3tj3v said:
keep in mind that a website can have multiple faces… so based on the request the webserver serves different content… so hammering port 80 might not show anything to you… but a “different” port 80 does…

Very helpful and on point… really good tips in these posts… this is an awesome box… definitely lots of fun…

Think I have the correct directory for the login page due to some convenient python scripts on pastebin. However, the url does not work. Very confused… Tried both ports. s******-r.m.b/i**.*** right?

How did you guys go to the staging? I’m just in the live folder always.

Got the root flag without logging in as “root” :slight_smile:

Figured out how to get to the lgn page…
Now what? I’ve read that a script to enumerate the backend system is needed.
Where to start??

Day 2, still no shell…

Are there any write-ups you can point to that are like Mango that I can look at?

Staring at login page, think I get what the name is about, higher port isn’t open and tried legit logins and '- logins. Anyone can give me a nudge?

Well, I am officially insanely stuck. I found the login page but despite the clues about the box name I have no idea where to go from here. Would appreciate a DM nudge if anyone would be so kind.

I got “under constrution”, any hints?

H******y could be the key to move on?

Spoiler Removed

Root:

  1. You don’t have to priv esc, use the available tools in the system using your current user account.
    Thanks to @rholas

I am new to this and this has definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how I can log in as root.

Still stuck at the login page, a few suggestions are appreciated :smiley:

For people who have no idea where to begin once u get the login page

The box is named for a reason … Once u get that hint
there is a good blogpost literally explaining the entire user process :slight_smile:

Just get user & love this box, ty

Learning a new technique of web attacks. I will just be a Mango lover. :slight_smile: Let me know if you need some help. Thank you to the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

@KryptoTheHippo said:
Just get user & love this box, ty

@idealphase said:
Learning a new technique of web attacks. I will just be a Mango lover. :slight_smile: Let me know if you need some help. Thank you to the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

Have a bite of Mango now :slight_smile:

Got a**** user and its password… but what now? I tried to enumerate other usernames with no luck. Am I missing something? Any little nudge appreciated.

Never mind, figured it out! Messed up my usernames enum.