Mango

145791023

Comments

  • Got root, thanks @MrR3boot for the great box. Learned a lot.

  • To jump from one user to another check more on the login!

  • edited November 2019

    There must be something wrong in what I am doing. I managed to extract the juice for 2 users from the fruit shop. One works for the site login, the other doesn't. None of them works for SSH. Any idea?

    EDIT: With fresh mind in the morning I got the little mistake I had in the script and solved the issue.

    Edit: rooted, root was pretty straightforward. Thanks to the machine creators, I have learned new stuff with the machine, and I love all machines where custom exploits are necessary. Thanks @MrR3boot

  • Could some sanity check me?

  • Hi guys could someone give me a nudge on the initial foothold i have tried several things and it's not working i can explain everything i have tried in a pm.

  • Guys, found the login page, still cannot get my juice from the shop. I got the hint from the db at the backend, but still no juice .. and of course it is closed from the outside ... Trying to rock it, but oh boy .. its gonna take a while ... if anyone could squeeze something it would be really nice ! thanks

  • Type your comment> @H3L1OS said:

    Hi guys could someone give me a nudge on the initial foothold i have tried several things and it's not working i can explain everything i have tried in a pm.

    PM me if you want, I will try to give you some nudges. Initial foothold is quite disorienting at first and it's easy to get lost.

  • Rooted!

    Thanks @sudneo for the nudge on the juice extraction, and thank you @MrR3boot for putting together those, let's say "customizable" exploits that we had the chance to use.

    If you guys need help you can leave a PM.

    trollzorftw

  • Rooted!

    Thanks @rowra for making me notice a typo in my script.

    @MrR3boot, thank you for the box. I definitely learnt something useful here, and it was great fun!

  • edited November 2019

    .

  • edited November 2019
    .

    BadRain

  • edited November 2019

    Spoiler Removed

  • Spoiler Removed

  • Spoiler Removed

  • Spoiler Removed

  • Stuck on the login page. Don't what to do next.
    Can someone give me a hint ?

  • I have the Users and Pwds, but I don't know what's the next step. Can someone give me any hint about how can I use the credentials?

    Thanks in advance.

    @MrR3boot nice job. Thanks for this challenge!

  • Type your comment> @jrgdiaz said:

    just rooted!

    Is it possible to get root shell directly from the gtfo bin without writing ssh folder or crontab?

    yes

  • @q1Z said:

    Type your comment> @jrgdiaz said:

    just rooted!

    Is it possible to get root shell directly from the gtfo bin without writing ssh folder or crontab?

    yes

    How did you do that? It just hung for me

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • Stuck after getting Users & Pwd. Should I be able to log in to the site with any of them?
    Any hints much appreciated

    Hack The Box

  • edited November 2019
    Hi,
    Trying not to spoiler this ...

    So with help from Google and a CTF write up I have enumerated two possible usernames, , but when I modify the script to try use one of the usernames and enumerate passwords I get a three or four character possible password output that isn't right.

    Can anyone DM me, if you went down this track for a nudge as I'm not sure why it worked for usernames but not password...

    EDIT - Thanks to @BinaryStrike , @mava and @tang0 who all replied, and are / have helped me try and work out the error on my python scripting ways....
  • edited November 2019

    STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!

    I wasted two hours trying to figure out why I couldn't su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.

    People that do this need to be lead to the gallows.

  • finally rooted this!

    User part was the hardest for me. Root is easy.

    @MrR3boot: thanks for the challenge!
    @sudneo: thanks for the support dude

    Hack The Box

  • edited November 2019

    I am able to get passed login page to under construction. Though I am not able to use this information to my advantage to extract anything. I think i need help writing a python script for this. I can trigger the redirect through burp but cannot get anything working through python.

    edit: making progress with python. Was able to get the redirect to under construction. Let's see if I can get data extraction!

    edit2: okay bit of tweaking and I got a user access! onto root!

    Root! took some basic enum and a different method than I was used to.

    pm for nudges

    Thanks @mRr3b00t for the fun machine!

  • edited November 2019

    Tnx for a fun box @MrR3boot .

    Gave me a few grey hairs on the initial foothold, after that it was pretty straight forward.

    Thanks to MeikDK to fixing my errors.

    pm me if you need a hint.

    [email protected]:~#id
    uid=0(root) gid=0(root) groups=0(root)

    Cham

  • Joined the juicy "froot" club finaly.
    Thanks to @MrR3boot for the nice Box, learned alot about Fruits.

    My advice would be not to download the new modern warfare or anything, while trying
    to get into User. Make sure you get a smooth connection.

  • Spoiler Removed

    Hack The Box

  • Very nice box, thanks @MrR3boot!

  • idk if it is my connection but seems like some guys are ravaging the server X_X

  • edited November 2019

    Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the script I run.

    Im not sure if it’s my logic or my poor python modifying ability.

    EDIT - Thanks to @BinaryStrike , @mava and @tang0 who all replied, and are / have helped me try and work out the error on my python scripting ways....

Sign In to comment.