Mango

Got the root flag without logging in as “root” :slight_smile:

Figured out how to get to the lgn page…
Now what? I’ve read that a script to enumerate the backend system is needed.
Where to start??

Day 2, still no shell…

Are there any write-ups you can point to that is like Mango that I can look at?

staring at login page, think I get what the name is about , higher port isn’t open and tried legit logins and '- logins. Anyone can give me a nudge?

Well, I am officially insanely stuck. I found the login page but despite the clues about the box name I have no idea where to go from here. Would appreciate a DM nudge if anyone would be so kind.

I got “under constrution” , any hints?

H******y could be the key to move on?

Spoiler Removed

Root:

  1. You don’t have to priv esc, used the available tools in the system using your current user account.
    Thanks to @rholas

I am new to this and this is definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how i can login as root.

still stuck at the login page, few suggestions are appreciated :smiley:

For people who have no idea where to begin once u get the login page

The box is named for a reason … Once u get that hint
there is a good blogpost literally explaining the entire user process :slight_smile:

Just get user & love this box, ty

Learning a new technique of web attacks. I will just be a Mango lover. :slight_smile: Let me know if you need some help. Thank you the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

@KryptoTheHippo said:
Just get user & love this box, ty

@idealphase said:
Learning a new technique of web attacks. I will just be a Mango lover. :slight_smile: Let me know if you need some help. Thank you the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

Have a bite of Mango now :slight_smile:

Got a**** user and its password… but what now ? I tried to enumerate other usernames with no luck. Am I missing out something ? Any little nudge appreciated.

Never mind figured it out! Messed my usernames enum.

Spoiler Removed

@wifislax said:
I am new to this and this is definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how i can login as root.

You can read files, and you can write them to…
think about prividing the .ssh folder what it needs to accept you

finally logged in as root. Thanks everybody and @MrR3boot for the juicy lerarning experience.

Got root, thanks @MrR3boot for the great box. Learned a lot.