Nice box. learnt a lot. anyone who needs help can Dm me
Rooted! Feel free to contact me for hints
For the privesc to root, if you’re not seeing what you think you should be seeing in the “basic enumeration” part. Make sure your scripts are up to date, lost 2 hours to trawling the output thinking i must be missing something super basic…
#need a little help with the creds part… My script gives some wrong creds with $ in the end
Done!
Rooted
Nice machine.
Its a bit of a pity that the name gives direction just like that. Enumerating required details would make it more challenging. However I understand the requirement, that the machine name itself should be a hint.
Enjoyed -
Rooted
Very interesting machine
Thank you
Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).
I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )
Thanks
Edit: I just found the password for one user, but I still can’t find it for the more privileged user
Edit 2: nvm, I got it
Type your comment> @JigglyByt3 said:
Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )Thanks
Can your script handle non-alphanumeric characters?
Type your comment> @bumika said:
Type your comment> @JigglyByt3 said:
Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )Thanks
Can your script handle non-alphanumeric characters?
Yes, I figured it out in the end.
Thanks for the initiative anyway
This was a fun one, thank you
rooted! a********.p** i suppose that is rabbit hole. Box name is big hint.
pm for any hint
There is a script on github that make the user part easier than a lot of boxes :))) You just need to know how to search after you’ve found the back-end service :)))
Drank mango flavored white claws during user and ended with a shot of mango vodka and mango slices upon r00t.
User and rooted. GTFO for root
So I found the login page. (Super simple) but past that I have no idea how to get the users/passwords. Can some one please DM me some assistance.
NVM @blay thanks for the assist.
Finally rooted, fun machine
Didn’t manage to get a root shell, can someone who did ping me?
Can’t do much with this box, it keeps dropping connection every few minutes. I’m on VIP network as well, so I doubt it’s a Dos. Found the login page and /v***** but not sure what to do with it. Tried running a python script from PayloadsAllTheThings but not getting much reponse as it keeps timing out.
Rooted!
Was Fun, thanks @MrR3boot for the tasty fruits, really enjoyed them.
Thanks to @donkeysnore for the help with building of the script.
Feel free to PM me for some help.
PS: Sorry, discounts codes for the CyberTruck are exhausted.
Type your comment> @dnperfors said:
I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not.
Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machine since normally you don’t know the technology either.Are there any tools like sqlmap to detect these kind of technology? (Can someone pm me the answer?)
Root was rather easy, the default enum tool called it “interesting” and after that it was quickly over…
which enum tool are you using> LE.s*?