Mango

Rooted!

Thanks @sudneo for the nudge on the juice extraction, and thank you @MrR3boot for putting together those, let’s say “customizable” exploits that we had the chance to use.

If you guys need help you can leave a PM.

Rooted!

Thanks @rowra for making me notice a typo in my script.

@MrR3boot, thank you for the box. I definitely learnt something useful here, and it was great fun!

.

.

Spoiler Removed

Spoiler Removed

Spoiler Removed

Spoiler Removed

Stuck on the login page. Don’t what to do next.
Can someone give me a hint ?

I have the Users and Pwds, but I don’t know what’s the next step. Can someone give me any hint about how can I use the credentials?

Thanks in advance.

@MrR3boot nice job. Thanks for this challenge!

Type your comment> @jrgdiaz said:

just rooted!

Is it possible to get root shell directly from the gtfo bin without writing ssh folder or crontab?

yes

@q1Z said:

Type your comment> @jrgdiaz said:

just rooted!

Is it possible to get root shell directly from the gtfo bin without writing ssh folder or crontab?

yes

How did you do that? It just hung for me

Stuck after getting Users & Pwd. Should I be able to log in to the site with any of them?
Any hints much appreciated

Hi,
Trying not to spoiler this …

So with help from Google and a CTF write up I have enumerated two possible usernames, , but when I modify the script to try use one of the usernames and enumerate passwords I get a three or four character possible password output that isn’t right.

Can anyone DM me, if you went down this track for a nudge as I’m not sure why it worked for usernames but not password…

EDIT - Thanks to @BinaryStrike , @mava and @tang0 who all replied, and are / have helped me try and work out the error on my python scripting ways…

STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!

I wasted two hours trying to figure out why I couldn’t su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.

People that do this need to be lead to the gallows.

finally rooted this!

User part was the hardest for me. Root is easy.

@MrR3boot: thanks for the challenge!
@sudneo: thanks for the support dude

I am able to get passed login page to under construction. Though I am not able to use this information to my advantage to extract anything. I think i need help writing a python script for this. I can trigger the redirect through burp but cannot get anything working through python.

edit: making progress with python. Was able to get the redirect to under construction. Let’s see if I can get data extraction!

edit2: okay bit of tweaking and I got a user access! onto root!

Root! took some basic enum and a different method than I was used to.

pm for nudges

Thanks @mRr3b00t for the fun machine!

Tnx for a fun box @MrR3boot .

Gave me a few grey hairs on the initial foothold, after that it was pretty straight forward.

Thanks to MeikDK to fixing my errors.

pm me if you need a hint.

root@mango:~#id
uid=0(root) gid=0(root) groups=0(root)

Joined the juicy “froot” club finaly.
Thanks to @MrR3boot for the nice Box, learned alot about Fruits.

My advice would be not to download the new modern warfare or anything, while trying
to get into User. Make sure you get a smooth connection.

Spoiler Removed