Quite a fun box! Once you do it, it should be straightforward to do some of the new web challenges. Thank you, @MrR3boot, for making this available!
User: enumerate your life away! If you stumble into a page that seems not to be working, play around with it and you may realise it does work. Be persistent and you may get some juice!
Root: quite straightforward, it is hard to miss - but make sure you are using your second user.
And as they say in Portuguese… “chupa essa manga!”
Rooted! User was a pain in the butt where you had to find the correct backend technology and use the correct juicer. Once you have the right usernameS though, the rest is pretty straightforward. Root was a matter of enumeration; LinEnum.sh always helps me the best.
All in all a very enjoyable box, thanks @MrR3boot!
Can anyone point me in the direction of finding the vulnerable backend code that makes finding users and passwords possible? I rooted the box, but want to look at the code that makes the box the way it is. I understand Apache acts as the front end, but I am not sure where web requests go after that. Is there even a backend? Or does Apache do that too?
Finally got the root, some hints for the frustrated ones:
initial foothold: consider what are the things you do when you see login pages.
user flag: put your feet up and enjoy the show
root flag: multiple ways to exploit because of GTFOBins beauty
Just got user. It took me a few hours of banging my head on the table, but hints on the forums were super helpful. In all fairness to @MrR3boot the user part is very realistic.
I’m a total noob, literally started reading about pentesting a week ago and I picked Mango after Postman as I thought it was an easy one. Well, I finally got the root flag but I have been sweating for two days on this one and I must say I would not have understood the fruity innuendo if it wasn’t for this forum…
So thanks everyone for the hints, they allow people just starting to make progress without giving away everything and still making the progress very fun.
User was super challenging for me but really rewarding at the end!
Contrary to what most people said, I did struggle a bit going from user to root, mainly because I got entangled trying to actually make a full root shell for this box. I actually haven’t managed that completely, but just getting the flag was much easier and I got that quickly.
Thanks so much for the nice box to @mRr3b00t!
Any recommendation for a next one at around the same level (and mostly Linux based as I really have to learn more about Windows before I adventure there)?
I have found a login page, but no matter what I do I only get one response from it. I suspect maybe it’s not where I’m supposed to be looking. Any nudges would be appreciated.
Rooted.
User was indeed quite hard…once I got the initial step in, I was really perplexed.
Honestly, seeing at the early dawn of 2020 such a 1980’s movie style hack was quite a surprise for me…this is stuff I was used to seeing coming out from the screen of my 386 when I was “doing things” with blueboxes and v.32 modems…Funny! *<:o)
root: everyone here has already said whatever is needed.
Thanks @Nobodyatall for helping me in sorting out what was wrong with my script. @MrR3boot: Thanks for this box, it really made me jump back to the late '80s…
I am stuck trying to extract creds. I was able to reach the login page and the “Under” page but unable to get a working Python script to find users and passwords. Can someone help with pushing me in the right direction to get a working script or tell me if I am going about it the wrong way? Please PM.
Hi guys! I have got the initial foothold, ran Li*****.s*, got juice; but in order to exploit that you need **m*n level privs. Hence I am unable to do so. Any pointers?
STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!
I wasted two hours trying to figure out why I couldn’t su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.
People that do this need to be led to the gallows.
■■■■! Exact same. I wasted 3 hours trynna su with the password I extracted initially and boy it wasn’t working. Thanks man!
Hi, I’m stuck on getting user flag.
I got two creds from the login page: m+++o and a+++n (thanks to PayloadsAllTheThings and Python script).
So now I can ssh only with m+++o but I have to be a+++n to get the user flag. I believe I have to use a***n creds somewhere… any hints men??