Mango

Tnx for a fun box @MrR3boot .

Gave me a few grey hairs on the initial foothold, after that it was pretty straight forward.

Thanks to MeikDK to fixing my errors.

pm me if you need a hint.

root@mango:~#id
uid=0(root) gid=0(root) groups=0(root)

Joined the juicy “froot” club finaly.
Thanks to @MrR3boot for the nice Box, learned alot about Fruits.

My advice would be not to download the new modern warfare or anything, while trying
to get into User. Make sure you get a smooth connection.

Spoiler Removed

Very nice box, thanks @MrR3boot!

idk if it is my connection but seems like some guys are ravaging the server X_X

Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the script I run.

Im not sure if it’s my logic or my poor python modifying ability.

EDIT - Thanks to @BinaryStrike , @mava and @tang0 who all replied, and are / have helped me try and work out the error on my python scripting ways…

deleted

Type your comment> @unknownamd said:

guys help plz PM me if you ca help…
I added what I should add to /**/hos , but still cant access the domain

Try to reboot your machine, it happened the same to me.
Set the static name but nothing works. Machine rebooted and I got the page

really a jjjjuicy machine !!! Thanks for the machine @MrR3boot !!!

r00ted, enjoyed the machine.

Hi, i’m so stuc, i can’t find login web, i tried to write s****-ord***.man**.h** into /et*/hos** file but cant access. Any hint ?

PM for Nuggers

Hack The Box

Spoiler Removed

Rooted, nice box. PM if you need pointing in the right direction

Nice box! User wasn’t as straightforward as I was expecting, if you write your own script don’t forget to escape special characters because I lost a few hours of my life to this.

Best box for ages. Thanks @MrR3boot

@BinaryStrike said:
really a jjjjuicy machine !!! Thanks for the machine @MrR3boot !!!

@izzie said:
Best box for ages. Thanks @MrR3boot

@halisha said:
r00ted, enjoyed the machine.

Glad you had fun with Mango :slight_smile:

Rooted this morning, really amazing box and big thanks @MrR3boot ,the the scripting part was quite bit frustrating :), learn something Important for any successful Penetration tester don’t bypass anything without check further.

Type your comment> @Impulse said:

For people who have no idea where to begin once u get the login page

The box is named for a reason … Once u get that hint
there is a good blogpost literally explaining the entire user process :slight_smile:

I found this blog post, but only by accident, otherwise I never would have had the remotest chance of getting father (I’m a big noob). Curious to know the thought process of people who figured this out on their own. Is this a known thing that if you got the hint the name of the box alone would make you realize to try, or are there things you are doing in enumeration that would tell you that this exploit would work?

@Icyb3r said:
Rooted this morning, really amazing box and big thanks @MrR3boot ,the the scripting part was quite bit frustrating :), learn something Important for any successful Penetration tester don’t bypass anything without check further.

Welcome :slight_smile: