Mango

Quite a fun box! Once you do it, it should be straightforward to do some of the new web challenges. Thank you, @MrR3boot, for making this available!

User: enumerate your life away! If you stumble into a page that seems not to be working, play around with it and you may realise it does work. Be persistent and you may get some juice!

Root: quite straightforward, it is hard to miss - but make sure you are using your second user.

And as they say in Portuguese… “chupa essa manga!” :smiley:

Rooted! User was a pain in the butt where you had to find the correct backend technology and use the correct juicer. Once you have the right usernameS though, the rest is pretty straightforward. Root was a matter of enumeration; LinEnum.sh always helps me the best.

All in all a very enjoyable box, thanks @MrR3boot!

Can anyone point me in the direction of finding the vulnerable backend code that makes finding users and passwords possible? I rooted the box, but want to look at the code that makes the box the way it is. I understand Apache acts as the front end, but I am not sure where web requests go after that. Is there even a backend? Or does Apache do that too?

Finally got the root, some hints for the frustrated ones:

initial foothold: consider what are the things you do when you see login pages.
user flag: put your feet up and enjoy the show
root flag: multiple ways to exploit because of GTFOBins beauty

PM for more hints, cheers.

Discord → CodeAlphaSix

I enjoyed this box, really good. There are plenty of hints in the forum already but if you need a nudge, PM via discord.

Just got user. It took me a few hours of banging my head on the table, but hints on the forums were super helpful. In all fairness to @MrR3boot the user part is very realistic.

I’m a total noob, literally started reading about pentesting a week ago and I picked Mango after Postman as I thought it was an easy one. Well, I finally got the root flag but I have been sweating for two days on this one and I must say I would not have understood the fruity innuendo if it wasn’t for this forum…
so thanks everyone for the hints, they allow people just starting to make progress without giving away everything and still making the progress very fun.
User was super challenging for me but really rewarding at the end!

Contrary to what most people said, I did struggle a bit going from user to root, mainly because I got entangled trying to actually make a full root shell for this box. I actually haven’t managed that completely, but just getting the flag was much easier and I got that quickly.

Thanks so much for the nice box to @mRr3b00t!
Any recommendation for a next one at around the same level (and mostly Linux based as I really have to learn more about Windows before I adventure there)?

I have found a login page, but no matter what I do I only get one response from it. I suspect maybe it’s not where I’m supposed to be looking. Any nudges would be appreciated.

Just rooted it! Enumeration is key! Let me know if you need some help!

Rooted.
User was indeed quite hard…once I got the initial step in, I was really perplexed.
Honestly, seeing at the early dawn of 2020 such a 1980’s movie style hack was quite a surprise for me…this is stuff I was used to seeing coming out from the screen of my 386 when I was “doing things” with blueboxes and v.32 modems…Funny! *<:o)

root: everyone here has already said whatever is needed.
Thanks @Nobodyatall for helping me sort out what was wrong with my script.
@MrR3boot: Thanks for this box, it really made me jump back to the late '80s…

Thanks to the creator of the machine

The user was the most costly to get, and as for root, the escalation is not difficult. Greetings to all.

I am stuck trying to extract creds. I was able to reach the login page and the “Under” page but unable to get a working python script to find users and passwords. Can someone help with pushing me in the right direction to get a working script or tell me if I am going about it the wrong way? Please PM.

@untouchable1 said:

I am stuck trying to extract creds. I was able to reach the login page and the “Under” page but unable to get a working python script to find users and passwords. Can someone help with pushing me in the right direction to get a working script or tell me if I am going about it the wrong way? Please PM.

Did you manage it? If not, PM me.

So rooted. If anyone has been able to pop a root shell, I’d like to discuss it.

Hi guys! I have got the initial foothold, ran Li*****.s*, got juice; but in order to exploit that you need **m*n level privs. Hence I am unable to do so. Any pointers?

@dividebyzer0 said:

STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!

I wasted two hours trying to figure out why I couldn’t su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.

People that do this need to be led to the gallows.

■■■■! Exact same. I wasted 3 hours trynna su with the password I extracted initially and boy it wasn’t working. Thanks man!

Very cool box. Thanks to the creator! :slight_smile: If anyone needs slight nudges, feel free to PM!

Fun box,
thanks @MrR3boot, this was fun.

user: after you figure out that this is “not sql”… you will know it’s not a “mango”, exploit it.

root: way way more easy than user… try GTFOBins

Hi, I’m stuck on getting user flag.
I got two creds from the login page: m+++o and a+++n (thanks to payloadsallthethings and python script).
So now I can ssh only with m+++o but I have to be a+++n to get the user flag. I believe I have to use a***n creds somewhere… any hints men??

Finally rooted!!

Someone changed the password of user, wasted a day finding other ways.