Mango

Type your comment> @c00de said:

Type your comment> @c00de said:

got user thanks to @SolidTuba
now i’m stuck on the root part
could anyone help me with this ? i’ve found a file 's’ in which i think i’ve got to use G*BINS but i’m stuck here

Rooted, didn’t except the root to be way easier than the user
if anyone needs help can contact me

i have gound under construction page now what shoul i do bro…

Type your comment> @H4ck3d5p4c3 said:

I found the Login Page, I am not sure what to do from here… Despite being told that brute forcing doesn’t work, I tried it anyways just to get some practice and of course, it did not… can someone PM and guide me through this next part. I think I have an idea, but just need a nudge. THANK YOU

Edit 1: Nvm got it and User… Up next Root!

Edit 2: Got root, if anyone needs some help, feel free to message me!

i ahve got user.txt now for root what should i do bro…

fun box :smiley:
coudn’t write a script for user, for whatever reason it just woudn’t work, but it takes about a minute or two with burp :stuck_out_tongue:
root was a little too easy and fast tbh and files in the users home directory might spoil even that

Guys, can anyone help me out with the python script? It seems to be working for a single user, but not for another. From reading these posts, I think the problem may be related to special characters, but I’m at a brick wall. Help appreciated.

rooted this box last saturday night :slight_smile:

User is very tricky :slight_smile: PayLoadAllTheThings can help you to dump users.

Root is very straight forward :slight_smile: #GTFObins

Learn a lot on this box ! Thanks @MrR3boot

Need a bit of a nudge to esc to root…
Found the **s from gtfo to use but am quite stuck as to how I am supposed to use that to my advantage…
Hit me up if you can help pls…

EDIT:okay I am very very dumb!!
Just rooted,feel free to pm for nudge!

Is anyone available to point out where I’m going wrong with my python script? I am about to introduce my computer to the window! Any help appreciated.

i ahve got user.txt now for root what should i do bro…

go get a good drink… relax… enjoy live… do something good for mankind… and think about the meaning of life / the universe / and everything…
but: just dont ask… (bro)

Ok, I’ve got right up to the end with user 2 and trying to run something through j*, but everything I try relating to privesc from g*b*s results in an unresponsive terminal with what looks like a shell hash at the beginning. Anyone have any pointers that will get me out of this rut? Been working on it on and off for a couple of days and getting nowhere.

Hey guys! Is there anyone that could help give me a nudge for my python script? Been stuck for a while now :frowning:

Type your comment> @n00bsys0p said:

Ok, I’ve got right up to the end with user 2 and trying to run something through j*, but everything I try relating to privesc from g*b*s results in an unresponsive terminal with what looks like a shell hash at the beginning. Anyone have any pointers that will get me out of this rut? Been working on it on and off for a couple of days and getting nowhere.

don’t expect too much… no shell needed for ctf… somtimes reading is enough…

Finally got root! That juice extraction gave me a headache. Learned some new stuff.

User: If you don’t get all of the juice, just think about if you are looking at the right positions for new juice.

Root: Basic enumeration should to it!

Can anyone give me a little PM nudge as to how to enumerate the box to find the login page ?

A shout out to @3l0nMu5k for helping me get user. Learnt something new, as usual.

As for ROOT. WTF… lol It was so stupid and simple to get the flag. It was so silly that I still feel incomplete in my soul. lol I did not use GO*b . Just something super simple. :slight_smile:

Happy to help with nudges. :slight_smile:

I have some trouble in mango machines . now , i have a…n and t…2 ,m… and h…U. they are true? but i can’t connect 10.10.10.162:22 ’s SSH ,so what should i do . thx!!!

now i got root , thx for @cloudkh

The initial part was very interesting, I had never used this technique.

User: has already everything
Root: if you can’t do it from the inside, try it from the outside or change your point of view

Tnx @MrR3boot for machine

Interesting box so far…
Detected login page, can authenticate, no clue what to check next! Any hints?

Done! After some struggles and head banging. Thanks @Anonimbus for the push!

Initial Access: The name of the machine + Payloads All The Things
User: Almost same as the beginning
Root: GTFO is the place to be.

PM for push

Finally got root, woah.
Thanks to @MrR3boot for this one.

Some new techniques learned, new scripts written, basic enumeration skills renewed. Now I love mangoes even more.

Initial foothold was the hardest part for me. For all who trying to get in: you already have all the hints in this thread. Let me repeat some that really helped me:

user:

  1. Different site faces to explore, if you can not find your way try to reach the different.
  2. Mango is a key… huh, yes it’s trivial but that’s it.
  3. Check how far are you from home on every step.
  4. CS can help you with a big steps count.
  5. You will get some juicy things after all but it’s not for home use.
  6. Do not leave when you already feel like a fruit, grow yourself up to anyone you want to be.

root:

  1. Basic enumeration, really, just try some

Finally rooted :smiley:

It was an interesting machine and thanks to everyone for the nudges.

root@mango:~# id
uid=0(root) gid=0(root) groups=0(root)