It is an interesting machine, when people say that Mango is a words game, it really is, but don’t try to break your head trying brute force with combinations of this word or similar things, I did it was discouraging.
The escalation is very easy, there is a very clear hint in the folder of the second user
Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my ■■■■ over that one
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise
Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my ■■■■ over that one
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise
To seek out new life and new civilizations. To boldly go where no man has gone before!
ok… m*ngos were absolutely new to me… but really funny… (kind of irreal security concept … isnt’it?)
hints from me?..
hints from me:
i made an absolutly ugly script to get an regex password without special chars (ecaped as ‘.’)… and then glued them together with a list of escaped characters… urgh… but it worked…
so my hint:
payloadallthethingsanddontstopthere
root not to mention… ;)… you’ll see it if you’re admin…
my way: if its not alphanumeric or the safe specialchars… use regex ‘.’ … and guess next char… in the end you have an almost perfect password… now search for the missing special char… (of course without regex)…
ok… again i consider this as ugly… but both passwords only had 1 alien inside… so it
worked…
Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the script I run.
Im not sure if it’s my logic or my poor python modifying ability.
Can someone who has solved this please DM to discuss the password regex details, currently have my script responding to the requests, however I am struggling to pass it in the right way.
@brueh said:
To seek out new life and new civilizations. To boldly go where no man has gone before!
ok… m*ngos were absolutely new to me… but really funny… (kind of irreal security concept … isnt’it?)
hints from me?..
hints from me:
i made an absolutly ugly script to get an regex password without special chars (ecaped as ‘.’)… and then glued them together with a list of escaped characters… urgh… but it worked…
so my hint:
payloadallthethingsanddontstopthere
root not to mention… ;)… you’ll see it if you’re admin…
thanks for the machine…
Kind of irreal security concept... isnt'it ? well its not. So many apps sitting in cloud using same technology which mightbe vulnerable to this kinda issue.
@MrR3boot Thank you soo much for this box learned a lot and well you tested my patience so well to get the credentials
Hints:-
User:
Enumerate Enumerate Enumerate
once you found the page understand the technology behind it.
–where would u store the user name and password?
–does that storage has a name ?
MANGO is a super hint
write some code,exploit it and well you need to have little bit of python knowledge
patience patience patience
you got user and for
Root:
basic enumeration and little bit of GTFOBins and you have root
@AnonSimba said: @MrR3boot Thank you soo much for this box learned a lot and well you tested my patience so well to get the credentials
Hints:-
User:
Enumerate Enumerate Enumerate
once you found the page understand the technology behind it.
–where would u store the user name and password?
–does that storage has a name ?
MANGO is a super hint
write some code,exploit it and well you need to have little bit of python knowledge
patience patience patience
you got user and for
Root:
basic enumeration and little bit of GTFOBins and you have root