Mango

@Gizmet said:

ok, got an under construction page… where next lol

I dont recall that, but if you haven’t already done so, check the certificate.

Great box. Thanks @mRr3b00t.

Getting the foothold took a good 5 days. At least two of those days were spent crying with mango juice stinging my eyes! Then I realized I had to go away and learn a new skill, and I also learned that there are only really two main types of fruit I needed to worry about (hint).

User and root were a fairly quick affair using tricks already learned from the other beginner machines.

Looking through my notes on this box, the information that forms the path is definitely all on the box. No guessing needed at all.

The main takeaway for me would be to never underestimate the power of a good sleep.

Feel free to PM me for hints. I won’t tell you the answers, but I will help you get there.

Got stuck on the “maintenance” page. Can someone give some hints?

Edit: finally I got both users too.

1.) to get user => enumeration
2.) to get root => enumeration + gtfo

PSA for whoever gets the root flag by sending it to their own vm/computer: make sure to rm the . *** .his *** y file!
I stumbled upon someone’s OVPN IP in said file earlier while looking through USER’s home directory for ways to get to root.

User: think outside of the box, dirb and gobuster can help you to find the URL, but actually you don’t need neither of them, the link is exactly in front of your eyes, just enumerate the page you see.
After finding the login page, find out what kind of database mango is using. search for privilege escalation for that service on google.

Root:
Not a big deal, GTFobins is your friend.

Great box, Thank You @MrR3boot

Just completed both user and root a few minutes ago thanks to the great assist from @Merlin01000101 . Great nudge that didn’t ruin anything and allowed me to still solve. I’ll echo most everyone else and say that once you have the initial foothold, this was pretty easy…but that first part…ugh…not easy for me.

Hi Guys

I’m a bit stuck. And could use a little help.

What do I already have:

  1. Login page
  2. An attack vector candidate.

But I don’t get any confirmation that I’m on the right track. So it could also be that I am completely wrong.

Can someone point me in the right direction and possibly even confirm if I am indeed in the right direction?

Thank you very much in advance.

Hi @mrZapp . You are on the right track and what I think you are referring to is called being ‘Blind’. Unfortunately, being blind does limit how you can eat that mango, but you can still eat it!

Type your comment> @Merlin01000101 said:

Hi @mrZapp . You are on the right track and what I think you are referring to is called being ‘Blind’. Unfortunately, being blind does limit how you can eat that mango, but you can still eat it!

Hi ,

Meanwhile found the way to eat the mango.

Now just automate the eating itself :slight_smile:

Oh making that extraction script is gonna take some time… at least for me^^

Anyone offer assistance with extracting passwords? Got to that step but can’t figure out how to pull it off.

Finally rooted this one.

Thanks to @Merlin01000101 for the help!

I don’t have a clue why there are so few questions in the forums about finding the login page. That, to me, was by far the most frustrating part (probably because I wasn’t very familiar with the technologies). Everything else made sense to me, and was a lot of fun.

Thanks @MrR3boot

Edit: Never mind, I was definitely over thinking things.

Still trying to find my way to foothold and wana confirm that I’m not in a rabbit hole.
So far I’ve found a login page and a directory v****/
Am I correct when I’m assuming that the backend is a P** and m*****b combo?
Am I on the right track with the login page?

Hi guys,

I’m working on the extraction script. 1 User succeeded.

But with the second user there is a character with a special meaning in the password.

This makes my script a bit confused because he can no longer find a match.

I could escape this in burp, but in python that doesn’t work.

Anyone want to think along?

Thanks a lot in advance

Edit : Got user on to root now

I’ve read the whole thread and… still no idea how to find that login page… I’ve looked at the certificate. The only thing that might have some significance, as far as I know, is the s*****g-o***r.mango.htb. But I don’t know what to do with it. I suppose there is a concept I am missing. That will be the third day that I am trying to figure it out.

My assumption is that the login page is on another ip… But if that is the case, which one ? and how to find it ?

Can anybody help me ?

deleted

rooted!!!
getting initial user(s) was really hard, its very new topic for me but after that its just running, now i got some new techniques.
thanks for the box !
Feel free to PM me.

Got user onto root

Feel free to DM me if in need of hints

What a ride…

Haven’t felt this much joy and agony for the long time while struggling with the foothold/user. The easy root felt quite good actually after all the despair.
Thank you very much @MrR3boot! I learned a lot!

I don’t have any addition to the tips already given here. PM if you need help and I might be able to help you out! Not gonna write that script for you tho. :wink: