Mango

Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).

I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )

Thanks

Edit: I just found the password for one user, but I still can’t find it for the more privileged user

Edit 2: nvm, I got it

@JigglyByt3 said:

Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).

I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )

Thanks

Can your script handle non-alphanumeric characters?

@bumika said:

@JigglyByt3 said:

Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).

I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )

Thanks

Can your script handle non-alphanumeric characters?

Yes, I figured it out in the end.
Thanks for the initiative anyway :slight_smile:

This was a fun one, thank you :slight_smile:

rooted! a********.p** i suppose that is rabbit hole. Box name is big hint.
pm for any hint

There is a script on GitHub that makes the user part easier than a lot of boxes :))) You just need to know how to search after you’ve found the back-end service :)))

Drank mango flavored white claws during user and ended with a shot of mango vodka and mango slices upon r00t.

User and rooted. GTFO for root

rooted thanx for hint. @bumika you are my master :))

So I found the login page. (Super simple) but past that I have no idea how to get the users/passwords. Can someone please DM me some assistance.

NVM @blay thanks for the assist.

Finally rooted, fun machine :slight_smile:

Didn’t manage to get a root shell, can someone who did ping me?

Can’t do much with this box, it keeps dropping connection every few minutes. I’m on VIP network as well, so I doubt it’s a DoS. Found the login page and /v***** but not sure what to do with it. Tried running a python script from PayloadsAllTheThings but not getting much response as it keeps timing out.

Rooted!
Was Fun, thanks @MrR3boot for the tasty fruits, really enjoyed them.
Thanks to @donkeysnore for the help with building of the script.

Feel free to PM me for some help.
PS: Sorry, discounts codes for the CyberTruck are exhausted.

@dnperfors said:

I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not.
Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machine since normally you don’t know the technology either.

Are there any tools like sqlmap to detect this kind of technology? (Can someone pm me the answer?)

Root was rather easy, the default enum tool called it “interesting” and after that it was quickly over…

which enum tool are you using> LE.s*?

got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here

@c00de said:

got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here

Rooted, didn’t expect the root to be way easier than the user
if anyone needs help can contact me

Can someone PM me a hint?
I got the login page and I think I know what DB is behind it. I am pretty stuck now. I think I have also found some rabbit holes…

Initial foothold was challenging for me but I can see where to improve my enumeration. Root is pretty simple. Thanks to @blay for helping me out

I still didn't even find login page, I tried 700k wordlist no luck. Anyone help ?

@noi said:

I still didn't even find login page, I tried 700k wordlist no luck. Anyone help ?

look at what you agreed with when you went to https