still stuck at the login page, few suggestions are appreciated
For anybody having trouble finding out whats running behind the curtain: after the new way has opened up for you, return to basic enumeration, there is something to be found if you follow the path.
For the next step, Listen closely to the responses you get, it’s not as blind as you may think it is. There are a few articles out there outlining the process.
Regarding root, looked up gtfobins for the thing I thought I found, unfortunately it didn’t work. Would be glad about any pointers ! Thanks
more nudge please I got HTTP/1.1 302 Found
I had fun with this box. I went down a hole and missed the obvious with root. Once I noticed the correct path it was a matter of minutes. PM for nudges.
Got user yesterday and finally pwnt root this morning.
Getting user was a lot of fun.
Loved this box!
Stop bashing this machine please, not fun anymore. This box keeps come online and within 1 minute it’s unavailable again
It is an interesting machine, when people say that Mango is a words game, it really is, but don’t try to break your head trying brute force with combinations of this word or similar things, I did it was discouraging.
The escalation is very easy, there is a very clear hint in the folder of the second user
Finally got logged in shell as user m**** with good help of @hlyblyhakr
Tomorrow hoping for a little more progress to own user…
The connection of this box is really wors though, keep dropping connection or is it just me?
Spoiler Removed
W00t w00t !
Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my ■■■■ over that one
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise
@HumanFlyBzzzz said:
W00t w00t !Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my ■■■■ over that one
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise
Me too
finally got root … Nice box and very tasty mango … Learn much more …
Thank you who are helped me.
rooted, very nice box
Finally got root!! Thanks, @MrR3boot for this box, and @hlyblyhakr for the hints.
Hints for this box:
User
- Listen to the responses
- Don’t brute force, you won’t get anything from it
- Dirbuster is not your friend
- Boxname is a really big hint
Root
- Standard enum and get the flag with one simple command
gtfobins
For more hints, PM me. But be clear where you got stuck and what you already have done.
To seek out new life and new civilizations. To boldly go where no man has gone before!
ok… m*ngos were absolutely new to me… but really funny… (kind of irreal security concept … isnt’it?)
hints from me?..
hints from me:
i made an absolutly ugly script to get an regex password without special chars (ecaped as ‘.’)… and then glued them together with a list of escaped characters… urgh… but it worked…
so my hint:
payloadallthethingsanddontstopthere
root not to mention… ;)… you’ll see it if you’re admin…
thanks for the machine…
found the login page ~ found the username ~ and well stuck at finding password -__- can someone give me tips for the correct expression code? rooted
my way: if its not alphanumeric or the safe specialchars… use regex ‘.’ … and guess next char… in the end you have an almost perfect password… now search for the missing special char… (of course without regex)…
ok… again i consider this as ugly… but both passwords only had 1 alien inside… so it
worked…