Mango

@JadeWolf, @Hilbert, @Quacktop

still stuck at the login page, few suggestions are appreciated :slight_smile:

For anybody having trouble finding out what’s running behind the curtain: after the new way has opened up for you, return to basic enumeration; there is something to be found if you follow the path.

For the next step, listen closely to the responses you get; it’s not as blind as you may think it is. There are a few articles out there outlining the process.

Regarding root, looked up gtfobins for the thing I thought I found, unfortunately it didn’t work. Would be glad about any pointers! Thanks

more nudge please I got HTTP/1.1 302 Found

I had fun with this box. I went down a hole and missed the obvious with root. Once I noticed the correct path it was a matter of minutes. PM for nudges.

Managed to get the Root Flag. Great box!

And thanks again for the nudge @Pir4t3

Got user yesterday and finally pwnt root this morning.
Getting user was a lot of fun.

Loved this box!

Stop bashing this machine please, not fun anymore. This box keeps coming online and within 1 minute it’s unavailable again.

It is an interesting machine. When people say that Mango is a word game, it really is, but don’t try to break your head trying to brute force with combinations of this word or similar things; I did, and it was discouraging.

The escalation is very easy, there is a very clear hint in the folder of the second user

Thanks @Twypsy @MrR3boot :slight_smile:

@MrR3boot is there a kind of request limiter on the box?

Finally got logged in shell as user m**** with good help of @hlyblyhakr

Tomorrow hoping for a little more progress to own user…

The connection of this box is really worse though, keeps dropping connection, or is it just me?

Spoiler Removed

W00t w00t !

Thanks @JadeWolf for assisting me with the re**x syntax, I’ve been losing my ■■■■ over that one :slight_smile:
Oh and I LOVED the box @MrR3boot, learned a ton here, can’t think of a higher praise

@D3Fix said:
@MrR3boot is there a kind of request limiter on the box?

Nope.

@HumanFlyBzzzz said:
W00t w00t !

Thanks @JadeWolf for assisting me with the re**x syntax, I’ve been losing my ■■■■ over that one :slight_smile:
Oh and I LOVED the box @MrR3boot, learned a ton here, can’t think of a higher praise

Me too :slight_smile:

finally got root … Nice box and very tasty mango … Learn much more …

Thank you to those who helped me.

rooted, very nice box :smiley:

Finally got root!! Thanks, @MrR3boot for this box, and @hlyblyhakr for the hints.

Hints for this box:

User

  • Listen to the responses
  • Don’t brute force, you won’t get anything from it
  • Dirbuster is not your friend
  • Boxname is a really big hint

Root

  • Standard enum and get the flag with one simple command
  • gtfobins

For more hints, PM me. But be clear where you got stuck and what you already have done.

To seek out new life and new civilizations. To boldly go where no man has gone before!
ok… m*ngos were absolutely new to me… but really funny… (kind of unreal security concept… isn’t it?)

hints from me?..
hints from me:
I made an absolutely ugly script to get a regex password without special chars (escaped as ‘.’)… and then glued them together with a list of escaped characters… urgh… but it worked…
so my hint:
payloadallthethingsanddontstopthere

root not to mention… ;)… you’ll see it if you’re admin…

thanks for the machine…

found the login page ~ found the username ~ and well stuck at finding password -__- can someone give me tips for the correct expression code? rooted