Mango

finally rooted this!

User part was the hardest for me. Root is easy.

@MrR3boot: thanks for the challenge!
@sudneo: thanks for the support dude

I am able to get passed login page to under construction. Though I am not able to use this information to my advantage to extract anything. I think i need help writing a python script for this. I can trigger the redirect through burp but cannot get anything working through python.

edit: making progress with python. Was able to get the redirect to under construction. Let’s see if I can get data extraction!

edit2: okay bit of tweaking and I got a user access! onto root!

Root! took some basic enum and a different method than I was used to.

pm for nudges

Thanks @mRr3b00t for the fun machine!

Tnx for a fun box @MrR3boot .

Gave me a few grey hairs on the initial foothold, after that it was pretty straight forward.

Thanks to MeikDK to fixing my errors.

pm me if you need a hint.

root@mango:~#id
uid=0(root) gid=0(root) groups=0(root)

Joined the juicy “froot” club finaly.
Thanks to @MrR3boot for the nice Box, learned alot about Fruits.

My advice would be not to download the new modern warfare or anything, while trying
to get into User. Make sure you get a smooth connection.

Spoiler Removed

Very nice box, thanks @MrR3boot!

idk if it is my connection but seems like some guys are ravaging the server X_X

Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the script I run.

Im not sure if it’s my logic or my poor python modifying ability.

EDIT - Thanks to @BinaryStrike , @mava and @tang0 who all replied, and are / have helped me try and work out the error on my python scripting ways…

deleted

Type your comment> @unknownamd said:

guys help plz PM me if you ca help…
I added what I should add to /**/hos , but still cant access the domain

Try to reboot your machine, it happened the same to me.
Set the static name but nothing works. Machine rebooted and I got the page

really a jjjjuicy machine !!! Thanks for the machine @MrR3boot !!!

r00ted, enjoyed the machine.

Hi, i’m so stuc, i can’t find login web, i tried to write s****-ord***.man**.h** into /et*/hos** file but cant access. Any hint ?

PM for Nuggers

Hack The Box

Spoiler Removed

Rooted, nice box. PM if you need pointing in the right direction

Nice box! User wasn’t as straightforward as I was expecting, if you write your own script don’t forget to escape special characters because I lost a few hours of my life to this.

Best box for ages. Thanks @MrR3boot

@BinaryStrike said:
really a jjjjuicy machine !!! Thanks for the machine @MrR3boot !!!

@izzie said:
Best box for ages. Thanks @MrR3boot

@halisha said:
r00ted, enjoyed the machine.

Glad you had fun with Mango :slight_smile:

Rooted this morning, really amazing box and big thanks @MrR3boot ,the the scripting part was quite bit frustrating :), learn something Important for any successful Penetration tester don’t bypass anything without check further.