Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).
I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )
Thanks
Edit: I just found the password for one user, but I still can’t find it for the more privileged user
Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).
I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )
Thanks
Can your script handle non-alphanumeric characters?
Hello,
With some help from Google and other resources I’ve been able to enumerate 2 users, however when trying to enumerate the passwords, something goes wrong ( I retrieve them, but I’m not able to login).
I can’t tell if I’ve got something wrong with the script. I’m not sure why I could enumerate the users, but I can’t do the same for the passwords.
So any help would be greatly appreaciated since I’ve spent 2 days on this box ( pretty new to this kind of stuff )
Thanks
Can your script handle non-alphanumeric characters?
Yes, I figured it out in the end.
Thanks for the initiative anyway
There is a script on github that make the user part easier than a lot of boxes :))) You just need to know how to search after you’ve found the back-end service :)))
Can’t do much with this box, it keeps dropping connection every few minutes. I’m on VIP network as well, so I doubt it’s a Dos. Found the login page and /v***** but not sure what to do with it. Tried running a python script from PayloadsAllTheThings but not getting much reponse as it keeps timing out.
I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not.
Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machine since normally you don’t know the technology either.
Are there any tools like sqlmap to detect these kind of technology? (Can someone pm me the answer?)
Root was rather easy, the default enum tool called it “interesting” and after that it was quickly over…
got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here
got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here
Rooted, didn’t except the root to be way easier than the user
if anyone needs help can contact me
Can someone PM me a hint?
I got the login page and I think to know what DB is behind it. I am pretty stuck now. I think I have also found some rabbit holes…