Mango

User and rooted. GTFO for root

rooted thanx for hint. @bumika you are my master :))

So I found the login page. (Super simple) but past that I have no idea how to get the users/passwords. Can some one please DM me some assistance.

NVM @blay thanks for the assist.

Finally rooted, fun machine :slight_smile:

Didn’t manage to get a root shell, can someone who did ping me?

Can’t do much with this box, it keeps dropping connection every few minutes. I’m on VIP network as well, so I doubt it’s a Dos. Found the login page and /v***** but not sure what to do with it. Tried running a python script from PayloadsAllTheThings but not getting much reponse as it keeps timing out.

Rooted!
Was Fun, thanks @MrR3boot for the tasty fruits, really enjoyed them.
Thanks to @donkeysnore for the help with building of the script.

Feel free to PM me for some help.
PS: Sorry, discounts codes for the CyberTruck are exhausted.

Type your comment> @dnperfors said:

I rooted mango yesterday, although I didn’t get the shell. I am still deciding if I liked the box or not.
Guessing the technology was a pain and I only found out because of what others said on the forum. I guess this part makes it a real life machine since normally you don’t know the technology either.

Are there any tools like sqlmap to detect these kind of technology? (Can someone pm me the answer?)

Root was rather easy, the default enum tool called it “interesting” and after that it was quickly over…

which enum tool are you using> LE.s*?

got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here

Type your comment> @c00de said:

got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here

Rooted, didn’t except the root to be way easier than the user
if anyone needs help can contact me

Can someone PM me a hint?
I got the login page and I think to know what DB is behind it. I am pretty stuck now. I think I have also found some rabbit holes…

Initial foothold was challenging for me but I can see where to improve my enumeration. Root is pretty simple. Thanks to @blay for helping me out

I still didnt even find login page, I tried 700k wordlist no luck. Anyone help ?

Type your comment> @noi said:

I still didnt even find login page, I tried 700k wordlist no luck. Anyone help ?

look at what you agreed with when you went to https

Spoiler Removed

Man this one was a blast… Good job on the maker.

Got user and finally root, GTFOBins was helpful. Great box! Thanks to @bumika and @c00de for hints and tips for user. PM for hints if you are stuck.

Would somebody be willing to look over my python script and point out any obvious issues? I’m generating password combinations but when I try to enter my final pwd it’s not working the way that is expected.

Type your comment> @frostydog said:

Would somebody be willing to look over my python script and point out any obvious issues? I’m generating password combinations but when I try to enter my final pwd it’s not working the way that is expected.

You may add some additional special characters to your “set”.

Cannot find the credentials, but found the login page, the search page and a****s.p.

Any hint on how to find the creds to login?

Anyway I got root anyone need help, you can send pm!