Mango

Nice box. learnt a lot. anyone who needs help can Dm me

Rooted! Feel free to contact me for hints :slight_smile:

For the privesc to root, if you’re not seeing what you think you should be seeing in the “basic enumeration” part. Make sure your scripts are up to date, lost 2 hours to trawling the output thinking i must be missing something super basic…

#need a little help with the creds part… My script gives some wrong creds with $ in the end

Done!
Rooted

Nice machine.
Its a bit of a pity that the name gives direction just like that. Enumerating required details would make it more challenging. However I understand the requirement, that the machine name itself should be a hint.
Enjoyed -:slight_smile:

Rooted
Very interesting machine
Thank you

Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).

I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )

Thanks

Edit: I just found the password for one user, but I still can’t find it for the more privileged user

Edit 2: nvm, I got it

Type your comment> @JigglyByt3 said:

Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).

I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )

Thanks

Can your script handle non-alphanumeric characters?

Type your comment> @bumika said:

Type your comment> @JigglyByt3 said:

Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).

I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )

Thanks

Can your script handle non-alphanumeric characters?

Yes, I figured it out in the end.
Thanks for the initiative anyway :slight_smile:

This was a fun one, thank you :slight_smile:

rooted! a********.p** i suppose that is rabbit hole. Box name is big hint.
pm for any hint

There is a script on github that make the user part easier than a lot of boxes :))) You just need to know how to search after you’ve found the back-end service :)))

Drank mango flavored white claws during user and ended with a shot of mango vodka and mango slices upon r00t.

User and rooted. GTFO for root

rooted thanx for hint. @bumika you are my master :))

So I found the login page. (Super simple) but past that I have no idea how to get the users/passwords. Can some one please DM me some assistance.

NVM @blay thanks for the assist.

Finally rooted, fun machine :slight_smile:

Didn’t manage to get a root shell, can someone who did ping me?

Can’t do much with this box, it keeps dropping connection every few minutes. I’m on VIP network as well, so I doubt it’s a Dos. Found the login page and /v***** but not sure what to do with it. Tried running a python script from PayloadsAllTheThings but not getting much reponse as it keeps timing out.

Rooted!
Was Fun, thanks @MrR3boot for the tasty fruits, really enjoyed them.
Thanks to @donkeysnore for the help with building of the script.

Feel free to PM me for some help.
PS: Sorry, discounts codes for the CyberTruck are exhausted.

Type your comment> @dnperfors said:

I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not.
Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machine since normally you don’t know the technology either.

Are there any tools like sqlmap to detect these kind of technology? (Can someone pm me the answer?)

Root was rather easy, the default enum tool called it “interesting” and after that it was quickly over…

which enum tool are you using> LE.s*?