Mango

I just rooted this box! :smiley:
Thanks to @Propolis for giving me the right hints when I needed them and to @MrR3boot for the box.

This box was a huge learning opportunity for me and it was heaps of fun. There’s only one thing I didn’t like about it…

Here are my tips:

  • Initial foothold: You need to closely examine the box. Standard enumeration tools won’t get you far. Look at things you might normally not look at like the certificate… and don’t forget about your hosts!
  • User: Find the technology that is behind the site and use a common attack possibility for that technology. Closely examining responses and requests can help tremendously. As far as I know, there is no “technical” way to find the technology and you need to guess it (and that is the only thing I don’t like - if there is a way, I’d be happy to learn and would be grateful for a PM!) BUT the box name is a big hint… you might have to switch out some vowels, though :wink: Be prepared to write your own script to get further. There are some scripts online that can help, but they’re hard to find. However, there is a huge list of hacking stuff on GitHub that contains very useful information! (I think the link was dropped in this thread somewhere, but I’m not sure). Once you’re in, you need to change user. Don’t think too complex, just remember what you found before and don’t try anything fancy.
  • Root: Much easier than user. Use standard Linux Enum techniques and use an interesting service. It’s possible to get a real root shell, but you can also just read the root.txt without doing that.

Also struggling a lot with the foothold. I got some info out of the cert but I’m not sure how to use this (standard translation of the info doesn’t work).
Also found the fruit but I’m not sure how to eat it. Found a script that would help me but I’m not sure about the request and parameters.
I’d appreciate some help :smile:

Thanks @MrR3boot for “our happy childhood” :slight_smile:
This looks like a foggy tip, but it is an expression of thankfulness with a foggy allusion.

PS Use Google about Soviet history :slight_smile:

Rooted, thanks to the creator. I got lucky for user I think, but root was a lot harder.

User hint: Enumerate the web page and look at why the URL is giving certificate errors. I found a custom attack for this backend straight away so got quite lucky in that respect, as there are also quite a few rabbit holes which I found when going for root.

Root hint: Look at standard priv esc elements. A lot of entries for one of them, and it’s a case of trial and error and doing some googling to see how each of them works. Interpreters are key.

Enjoy.

Nugget!

I’ve rooted this box, but I got help for the first foothold (i.e. mango). My question is: apart from the name, how were you supposed to know this server ran this backend? PM please.

Wow! Got root! :smiley:

Really loved the enumeration method I learned while getting user, thank you so much @MrR3boot for this opportunity! Gaining root has been super easy compared to the user.

Very nice box, a little frustrating at the beginning because it looks like there is nothing to get data from, but after the initial steps you’ll start noticing interesting stuff and sooner or later you’ll get to the point :wink:

If anyone is available, I could use some help with the initial foothold.

@mike0x73 said:

I like mangos

Is flexmonster useful?

@rholas said:
&login=login a little strange maybe h.dra… or pata …

From a***.p, is the flexmonster useful or not?

I’ve got two passwords … 1 for an and the other for mo.

I can ssh in with mo but not an … even though the password works for a***n on the website.

@ReT said:

I’ve got two passwords … 1 for an and the other for mo.

I can ssh in with mo but not an … even though the password works for a***n on the website.

Well that means the a**m password is not for ssh. How else can you become admin?

So my feedback…
Getting the initial step in was horror… I ran totally into a rabbit hole with the analytics tab x(
After I understood the box name and fixed my etc hosts, becoming user was pretty straightforward…
Root took me just a couple of minutes in the end.

It was nice to learn to stick to the basics and not overcomplicate ;D

Funny side gag I just experienced in the forum… try to post
/ e t c / h o s t s
as normal text in a message xD

Rooted.

Rooted, great box!

@dividebyzer0 said:

STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!

I wasted two hours trying to figure out why I couldn’t su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.

People that do this need to be led to the gallows.

Thanks for this! I also wasted way too much time looking for a privesc because I assumed this wasn’t the route. This comment saved me many more hours of frustration.

After trying a lot of different things and reading 22 pages of terrible and misleading advice, I still don’t know how to get to the login page. I’m a terrible skid and a shame to this community. Someone put me out of my misery.

Rooted.

It’s hard for me.

Hey, I am getting an error in ana****.php

Current key is only applicable for *.codepen.io.
Read more info about this error
You are trying to use the following key: Z7U7-XHIF9V-4A5Q3S-343X5O-0P5G1R-5G2G25-6S5F2Q-0Q0F5Z-37

Can anyone help me with this?

Hello everybody,

I’m a newbie in the pentesting world and I’m totally stuck on the login page even after reading the whole topic. I have an idea about the “Mango” word game but I didn’t succeed in doing some injection. Can someone confirm to me in PM that I have the right idea, or give me a nudge in order to progress?

Thanks a lot!