Mango

1568101116

Comments

  • edited November 2019

    deleted

  • Type your comment> @unknownamd said:

    guys help plz PM me if you ca help...
    I added what I should add to /**/hos , but still cant access the domain

    Try to reboot your machine, it happened the same to me.
    Set the static name but nothing works. Machine rebooted and I got the page

  • really a jjjjuicy machine !!! Thanks for the machine @MrR3boot !!!!!!

  • r00ted, enjoyed the machine.

    halisha

    --- I reply faster on Telegram @halishasec and [Discord Tavi #6865]
    --- Please specify the machine you're working at when messaging

  • Hi, i'm so stuc, i can't find login web, i tried to write s****-ord.man.h** into /et/hos** file but cant access. Any hint ?

  • PM for Nuggers

    Hack The Box

  • Spoiler Removed

  • Rooted, nice box. PM if you need pointing in the right direction

  • Nice box! User wasn't as straightforward as I was expecting, if you write your own script don't forget to escape special characters because I lost a few hours of my life to this.

    m3ll0

    OSCP

  • Best box for ages. Thanks @MrR3boot

    izzie

  • @BinaryStrike said:
    really a jjjjuicy machine !!! Thanks for the machine @MrR3boot !!!!!!

    @izzie said:
    Best box for ages. Thanks @MrR3boot

    @halisha said:
    r00ted, enjoyed the machine.

    Glad you had fun with Mango :)

    MrR3boot
    Learn | Hack | Have Fun

  • Rooted this morning, really amazing box and big thanks @MrR3boot ,the the scripting part was quite bit frustrating :), learn something Important for any successful Penetration tester don't bypass anything without check further.

    N3v3r Giv3Up, 3v3ry th!ng !s p0ss!ble .

  • Type your comment> @Impulse said:

    For people who have no idea where to begin once u get the login page

    The box is named for a reason .. Once u get that hint
    there is a good blogpost literally explaining the entire user process :)

    I found this blog post, but only by accident, otherwise I never would have had the remotest chance of getting father (I'm a big noob). Curious to know the thought process of people who figured this out on their own. Is this a known thing that if you got the hint the name of the box alone would make you realize to try, or are there things you are doing in enumeration that would tell you that this exploit would work?

    Hilbert

  • @Icyb3r said:
    Rooted this morning, really amazing box and big thanks @MrR3boot ,the the scripting part was quite bit frustrating :), learn something Important for any successful Penetration tester don't bypass anything without check further.

    Welcome :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited November 2019

    Rooted.

    I agree to understand how to play this machine.
    Brainfuck for me to get,

    "rhyme mango" , "hint mango"

    I think soooooo far.

    I learned a lot on this machine.

    Thank you

    User : no comment
    Root : gtfobins is best friend.

    Arrexel

  • Finally rooted and got shell.
    Personally I don't like "guessing" but when I got it it was SOOOOO funny to get the credentials.
    And I also learned something really new.
    Moreover, I love when getting the shell involves your fantasy.
    Thanks @MrR3boot !

    image
    Click here for HTB Profile: You are welcome to contact me for a nudge, but if I help you, please consider giving respect.

  • Nice box

    OSCP | CCSK

    Hack The Box

  • Juice Extraction part was interesting I totally loved it.
    User: no comments
    Root: Pretty straightforward basic enumeration is the key.
    Thanks to box maker @MrR3boot

  • edited November 2019

    guys i need help in user enum, i got logged in but the gears keep rolling without any changes, so i'm in /ho**.p*p what to do?
    I'M REALLY STUCK AT THIS STEP

  • edited November 2019

    delete

  • Thanks for a fun box @MrR3boot! I learned quite a bit, and really enjoyed it!

    thr33per

  • @blink3r said:
    Finally rooted and got shell.
    Personally I don't like "guessing" but when I got it it was SOOOOO funny to get the credentials.
    And I also learned something really new.
    Moreover, I love when getting the shell involves your fantasy.
    Thanks @MrR3boot !

    @breaker said:
    Juice Extraction part was interesting I totally loved it.
    User: no comments
    Root: Pretty straightforward basic enumeration is the key.
    Thanks to box maker @MrR3boot

    @thr33per said:
    Thanks for a fun box @MrR3boot! I learned quite a bit, and really enjoyed it!

    That's a joyful feedback. That makes me to do more in future :)

    MrR3boot
    Learn | Hack | Have Fun

  • edited November 2019

    hi guys should I enumerate password for login page?

  • I'm stuck on the login page. I think I understand what the "mango" hint is but I have no clue about how to extract to get to the next part. Any nudges are appreciated.

  • I got this Error
    Current key is only applicable for *.codepen.io.
    Read more info about this error
    You are trying to use the following key: Z7U7-XHIF9V-4A5Q3S-343X5O-0P5G1R-5G2G25-6S5F2Q-0Q0F5Z-37

  • edited November 2019

    is this a brute force challenge?

  • Type your comment> @mosaaed said:

    I got this Error
    Current key is only applicable for *.codepen.io.
    Read more info about this error
    You are trying to use the following key: Z7U7-XHIF9V-4A5Q3S-343X5O-0P5G1R-5G2G25-6S5F2Q-0Q0F5Z-37

    u dropped into a hole

    Hack The Box

  • edited November 2019

    @an0n said:
    is this a brute force challenge?

    i'm also still quite stuck at the early stage, but if you referring to the credentials for vhost, it is sort of a brute force, but u probably have to write your own script and define some rules (eg: length of password, possible characters) to reduce the brute force's scope.

    Hack The Box

  • Hi!

    Here are my hints ...

    User:

    1º It's important to enumerate in this box, but Dirbuster won't lead you where you need.

    2º When you are starting with one HTB machine, it's a good practice to try the Vhost (name of the machine) + .htb. In some instances, you might get additional Vhosts which are worth checking as well.

    3º If you arrive to a login page, you are on the right path.

    4º The mango is a word play related to the technology to research. Mango is not a mango, but is close to it.

    5º Once you figure out the technology, research how you could exploit it. There are different articles on the Internet. One of those articles will give you an idea about how to proceed further.

    6º My advice would be to play first with burp and the repeater, in order to get a slight idea about how to design your attack. Then, create your own script. This was the best part for me.

    Root: Basic enumeration. It's way easier than user, and I am sure you have solved other machines this way.

    Thank you @MrR3boot

    twypsy

  • Rooted.Thx! Nice Box

    joelblack

Sign In to comment.