Mango

HTB Content Machines
290

Rooted! Had much fun with the machine, kudos to maker :slight_smile:

Tips for user

  • Enum thoroughly
  • If something seems like mostly frontend app it’s probably a rabbit hole
  • The rabbit hole might be also useful to show what kind of technologies are preffered on the server
  • When you finally stand at the door forget about all the “similar to mango” tips. It’s seems really clever when you already know the answer but not really helpful if you don’t. (or maybe I’m just dumb)
  • Think like a hacker instead. Try to bypass the security in different technologies’ payloads. Think back to the rabbit hole. What kind of technologies were used there?
  • After bypassing the security think how to exploit even more on the vuln.

Tips for root:

  • Pretty much straightforward. Basic enum will show you the way

PM me for nudges if needed