So my feedback…
getting the initial step in was horror…i run totally into a rabbit hole with the analytics tab x(
After I understood the box name, fixed my etc hosts becoming user was pretty straight forward…
root took me just a couple of minutes in the end.
It was nice to learn, to stick to the basics and do not overcomplicate ;D
funny sidegag I just experienced in the forum… try to post
/ e t c / h o s t s
as normal text in a message xD
STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!
I wasted two hours trying to figure out why I couldn’t su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.
People that do this need to be lead to the gallows.
Thanks for this! I also wasted way too much time looking for a privesc because i assumed this wasn’t the route. This comment saved me many more hours of frustration.
After trying a lot of different things and reading 22 pages of terrible and misleading advises i still don’t know how to get to login page. I’m a terrible skid and a shame to this community. Someone put me out of my misery.
Current key is only applicable for *.codepen.io.
Read more info about this error
You are trying to use the following key: Z7U7-XHIF9V-4A5Q3S-343X5O-0P5G1R-5G2G25-6S5F2Q-0Q0F5Z-37
I’m newbie in pentesting world and i’m totally stucked on the login page even after reading the whole topic. I have an idea about the “Mango” word game but I didn’t succeed doing some injection. Can someone confirm me that I have the good idea in PM or give me a nudge in order to progress ?
i ahve got user.txt now for root what should i do bro…
go get a good drink… relax… enjoy live… do something good for mankind… and think about the meaning of life / the universe / and everything…
but: just dont ask… (bro)
the login page is static with me, whenever I login no matter the credentials it gives me the same response as when the normal page loads, Is that normal ?
I finally rooted the box and i learnt a lot of things. But I have a technical question, I didn’t succeed to spawn a shell using the one liners foundable on internet. I could only execute commands but not an interactive shell. Would someone explain me why the spawn shell thing is not working ?
That was a great box!
User was quite harder than root honestly. But learned a lot and got to taste the juiciest mangoes.
Obligatory hints:
User:
Never ignore any error.
Most of the time the machine’s name have relation with the attack vector.
Bruteforcing is a pain in the ■■■, not just for you, but more for others. Write a script instead