Mango

Comments

  • Rooted finally :D took me a few hours for initial shell but the rest was a walk in the park. Enum well, however dirb did not help me, keep it simple after initial shell, burp your way to these flags like a mongo

  • @MrR3boot Thanks again. Initial foothold and user was most work, luckily the "mango" has default features for enum. Root was an interesting new tool.

  • @MrR3boot This was the most fun box I've done so far. I learned quite a bit! Big thanks to @sudneo for some key help

    user: If you've got creds but are frustrated because you aren't the user you want to be, there is more than one way to login as a user

    root: I suck at privesc, so if I can get it you can. Read the posts in this thread, the path has been given multiple times

    PM if you need a nudge

    Hilbert

  • @MrR3boot thank you - the headaches have stopped after smacking my head off the desk! Thanks to everyone that gave nudges, lesson learned: remember the basics.

    So Root Dance!

  • MrR3boot
    Learn | Hack | Have Fun

  • still stuck at the login page, few suggestions are appreciated :)

    Hack The Box
    Silence, i'll hack you!! ;-)

  • For anybody having trouble finding out what's running behind the curtain: after the new way has opened up for you, return to basic enumeration, there is something to be found if you follow the path.

    For the next step, Listen closely to the responses you get, it's not as blind as you may think it is. There are a few articles out there outlining the process.

    Regarding root, looked up gtfobins for the thing I thought I found, unfortunately it didn't work. Would be glad about any pointers! Thanks

  • more nudge please I got HTTP/1.1 302 Found

  • I had fun with this box. I went down a hole and missed the obvious with root. Once I noticed the correct path it was a matter of minutes. PM for nudges.

  • Managed to get the Root Flag. Great box!

    And thanks again for the nudge @Pir4t3

  • Got user yesterday and finally pwnt root this morning.
    Getting user was a lot of fun.

    Loved this box!

  • Stop bashing this machine please, not fun anymore. This box keeps coming online and within 1 minute it's unavailable again

    Hack The Box
    Silence, i'll hack you!! ;-)

  • It is an interesting machine, when people say that Mango is a word game, it really is, but don't try to break your head trying brute force with combinations of this word or similar things, I did, and it was discouraging.

    The escalation is very easy, there is a very clear hint in the folder of the second user

    Thanks @Twypsy @MrR3boot :)

  • @MrR3boot is there a kind of request limiter on the box?

    Hack The Box
    Silence, i'll hack you!! ;-)

  • edited November 2019

    Finally got logged in shell as user m**** with good help of @hlyblyhakr

    Tomorrow hoping for a little more progress to own user...

    The connection of this box is really worse though, keeps dropping connection or is it just me?

    Hack The Box
    Silence, i'll hack you!! ;-)

  • I logged in as mango.. but had to go to sleep, let's see what we can do later when I get home..!

    Arrexel
    OSCP | OSCE half way!

  • W00t w00t !

    Thanks @JadeWolf for assisting me with the re**x syntax, I've been losing my shit over that one :)
    Oh and I LOVED the box @MrR3boot, learned a ton here, can't think of a higher praise

    S1ph1lys

  • @D3Fix said:
    @MrR3boot is there a kind of request limiter on the box?

    Nope.

    MrR3boot
    Learn | Hack | Have Fun

  • @HumanFlyBzzzz said:
    W00t w00t !

    Thanks @JadeWolf for assisting me with the re**x syntax, I've been losing my shit over that one :)
    Oh and I LOVED the box @MrR3boot, learned a ton here, can't think of a higher praise

    Me too :)

    MrR3boot
    Learn | Hack | Have Fun

  • Finally got root .. Nice box and very tasty mango .. Learned much more ...

    Thank you to those who helped me.

  • rooted, very nice box :D

    amra13579l

  • Finally got root!! Thanks, @MrR3boot for this box, and @hlyblyhakr for the hints.

    Hints for this box:

    User

    • Listen to the responses
    • Don't brute force, you won't get anything from it
    • Dirbuster is not your friend
    • Boxname is a really big hint

    Root

    • Standard enum and get the flag with one simple command
    • gtfobins

    For more hints, PM me. But be clear where you got stuck and what you already have done.

    Hack The Box
    Silence, i'll hack you!! ;-)

  • To seek out new life and new civilizations. To boldly go where no man has gone before!
    ok.... m*ngos were absolutely new to me... but really funny... (kind of irreal security concept ... isn't it?)

    hints from me?...
    hints from me:
    I made an absolutely ugly script to get a regex password without special chars (escaped as '.')... and then glued them together with a list of escaped characters... urgh.... but it worked...
    so my hint:
    payloadallthethingsanddontstopthere

    root not to mention... ;).... you'll see it if you're admin...

    thanks for the machine....

  • edited November 2019

    found the login page ~ found the username ~ and well stuck at finding password -__- can someone give me tips for the correct expression code? rooted

    Arrexel

  • edited November 2019

    my way: if it's not alphanumeric or the safe special chars... use regex '.' ... and guess next char... in the end you have an almost perfect password... now search for the missing special char... (of course without regex)...

    ok... again I consider this as ugly... but both passwords only had 1 alien inside... so it worked...

  • @GChester said:

    Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the script I run.

    I'm not sure if it’s my logic or my poor python modifying ability.

    Same boat :S

  • edited November 2019

    Can someone who has solved this please DM to discuss the password regex details, currently have my script responding to the requests, however I am struggling to pass it in the right way.

    Spknoxy

  • edited November 2019
    [email protected]:~# id
    uid=0(root) gid=0(root) groups=0(root)
    

    As someone with little to no coding skills I finally managed to get root on this box, and I must say it feels like a great accomplishment.

    Thanks @MrR3boot for a great box, and thanks @D3Fix for the hints regarding initial foothold.

    In the end it was one silly character (^) that cost me hours of time and countless hairs on my head. PM me if you need any hints.

    PlayerThree

  • Finally rooted! Great box @MrR3boot !!
    Thanks @D3Fix for the hint!

  • @brueh said:
    To seek out new life and new civilizations. To boldly go where no man has gone before!
    ok.... m*ngos were absolutely new to me... but really funny... (kind of irreal security concept ... isn't it?)

    hints from me?...
    hints from me:
    I made an absolutely ugly script to get a regex password without special chars (escaped as '.')... and then glued them together with a list of escaped characters... urgh.... but it worked...
    so my hint:
    payloadallthethingsanddontstopthere

    root not to mention... ;).... you'll see it if you're admin...

    thanks for the machine....

    Kind of irreal security concept... isn't it? Well, it's not. So many apps sitting in cloud using same technology which might be vulnerable to this kinda issue.

    MrR3boot
    Learn | Hack | Have Fun
