Mango

I think I’m not getting all the characters in the password. I could do with help with my juice extraction script =) Anyone I can DM about this?

Pulling my hair out, I must be missing something. I found i*******p and have extracted two usernames using the snake. No matter how I edit my parameters, I can’t seem to get anything but 200s when attempting to extract password(s). Help a n00b out? Can’t wait to figure out what I’m doing wrong.

edit: I broke my script somewhere in between pulling my first and last hairs. Disregard :slight_smile:

Not sure how people got “the script” working; it failed on me several times. I just extracted the information manually with wfuzz (Burp Intruder also works). There is a good article out there, or even some good initial payloads in the PayloadsAllTheThings repo.

Just remember that some characters are going to break the “payload”, so you can’t trust the response if you have them in the request…

After 3 days and help from multiple forum members who I will tag when I get user and root flags/complete the box, I’ve reached the “Under Construction” page. I assumed it’d be time to move onto **H now that I’ve extracted creds but no matter what I try, I can’t find the right combination to gain **H access. Any nudgers awake?


@up2nogood You have to be patient; a lot of people are from different countries and are just on different schedules. Also, this box is what, 3 months old now? Anytime I need to message someone about a box I’m on, I click their name and check their last active date. I’m still getting help on this box (need help getting root right now if anyone can message me) but I’ve had no trouble finding 4-6 people to help me out over the past 2-3 days. As far as hints go, yeah, I agree they can be a little TOO cryptic sometimes but it’s to force you to learn. If you need help on this box (I’m FAR from good at this *hit), I’ve gotten user flag and am working on root right now. Hit me up and I’ll try to share what I’ve learned, without giving you the answers right away, but I promise not to be so cryptic :slight_smile:

Alright, I have an SSH connection with admin shell and have downloaded and run LinEnum, but I have no idea what to look for to get root… Also, I’d love to pop a reverse shell. I’m used to seeing www-data shells in videos, etc. Anyone awake that can help out?

Enjoying myself some juicy mango :slight_smile:
Foothold was quite the challenge for me.

Thank you for the box @MrR3boot

Found the login page (Mango | Sweet & Juicy). I found the backend DB name. I found the exploits for it in PayloadsAllTheThings. But I can’t perform them on that login page to get creds. Can anyone give me a nudge or help? Thank you all.

Rooted! After a brutal 4 days and LOTS of help. Couldn’t have done it without guidance from @FLameDay, @peterdjalaliev, @salt, @lukeasec and most of all, @Spaxy (I’m so sorry if I’ve left anyone out!). Feel free to PM if you need any nudges. I’ve already been receiving messages from some of you and I hope I can provide some assistance, even though I’m probably the worst person to ask for help. What I do do, though, is take detailed notes and make sure to notate what I did, why I did it, why it worked, how it worked and how to proceed, etc.

Also, I’m usually VERY good about “respecting” as soon as someone replies to/messages me. If I forgot to give respect and you helped me with this box, please let me know! Thank you @MrR3boot for the box. I learned a lot, on my own and more so from other members.

Hello! I need a hand with the script; could someone PM me? :slight_smile:

Got root…!!!
So this was a pretty easy box if we figure out what technology is used.
The initial foothold was a little bit frustrating but then it was quite easy.
Thank you @Zer0xdz, @facelessCoder for the nudges.
Feel free to DM for nudges.

Anyone able to pop a rev shell/root rev shell? Even though I’ve completed the box, I didn’t accomplish everything I wanted to.

Finally rooted after a one-day struggle <3 Thanks @MrR3boot for such a great machine, learned a lot.

Same thing I learn from every machine “Take a break, don’t quit”

PM me for a nudge

@SullyInATX said:

Anyone able to pop a rev shell/root rev shell? Even though I’ve completed the box, I didn’t accomplish everything I wanted to.

Instead of using the attack to read something, you could use it to write a key and then get access.

I managed to get to the maintenance page, but haven’t found any logins so far. Am I missing something obvious? Any nudges, please?

EDIT: I rooted the box. Man, the initial foothold is a beast, root not so much. Awesome box @MrR3boot!

@TazWake said:

@SullyInATX said:

Anyone able to pop a rev shell/root rev shell? Even though I’ve completed the box, I didn’t accomplish everything I wanted to.

Instead of using the attack to read something, you could use it to write a key and then get access.

Thanks for the tip. I’ll give it a go when I get some free time… Just started Obscurity (… initial recon is looking horrible) so I’ll probably go back to it then, retired or not, and try it.

Any nudge to get root?

@sko said:
Any nudge to get root?

Getting root is just basic enumeration. LinEnum should be able to help you out in that regard.