• Rooted!

    user : easy
    root : piece of cake

    PM for help or look at the signature

  • edited March 24

    could somebody please help me? im pretty new and I cant manage to find the login page...
    THX :)

  • edited March 24

    I just rooted this box! :smiley:
    Thanks to @Propolis for giving me the right hints when I needed them and to @MrR3boot for the box.

    This box was a huge learning opportunity for me and it was heaps of fun. There's only one thing I didn't like about it...

    Here are my tips:

    • Initial foothold: You need to closely examine the box. Standard enumeration tools won't get you far. Look at things you might normally not look at like the certificate... and don't forget about your hosts!
    • User: Find the technology that is behind the site and use a common attack possibility for that technology. Closely examining responses and requests can help tremendously. As far as I know, there is no "technical" way to find the technology and you need to guess it (and that is the only thing I don't like - if there is a way, I'd be happy to learn and would be grateful for a PM!) BUT the box name is a big hint... you might have to switch out some vowels, though ;) Be prepared to write your on script to get further. There are some scripts online that can help, but they're hard to find. However, there is a huge list of hacking stuff on github that contains very useful information! (I think the link was dropped in this thread somewhere, but I'm not sure). Once you're in, you need to change user. Don't think too complex, just remember what you found before and don't try anything fancy.
    • Root: Much easier than user. Use standard Linux Enum techniques and use an interesting service. It's possible to get a real root shell, but you can also just read the root.txt without doing that.
  • Also struggling a lot with the foothold. I got some info out of the cert but I'm not sure how to use this (standard translation of the info doesn't work).
    Also found the fruit but I'm not sure how to eat it. Found a script that would help me but I'm not sure about the request and parameters.
    I'd appreciate some help :smile:

  • Thanks @MrR3boot for "our happy childhood" :)
    Here likes foggy tips but it expression of thankfulness with foggy allusion

    PS Use google about soviet history :)

  • rooted, thanks to the creator. I got lucky for user i think but root was a lot harder.

    User hint : Enumerate the web page and look at why the url is giving certificate errors. I found a custom attack for this backend straight away so got quite lucky in that respect as there are also quite a few rabbit holes which i found when going for root.

    Root Hint : Look at standard priv esc elements. A lot of entries for one of them and its a case of trial and error and doing some googling to see how each of them work. Interpreters are key.



  • I've rooted this box, but I got help for the first foothold (i.e. mango) My question is apart from the name how were you supposed to know this server ran this backend? pm please


  • Wow! Got root! :smiley:

    Really loved the enumeration method I learned while getting user, thank you so much @MrR3boot for this opportunity! Gaining root has been super easy compared to the user

    Very nice box, a little frustrating at the beginning because it looks like there is nothing to get data from, but after the initial steps you'll start noticing interesting stuff and sooner or later you'll get to the point :wink:

  • If anyone is available, I could use some help with the initial foothold.

  • Type your comment> @mike0x73 said:

    I like mangos

    does flexmonster useful ?

  • @rholas said:
    &login=login a little strange maybe h.dra.. or pata ..

    from a***.p the flexmonster is useful or not ?

  • ive got two passwords ... 1 for an and the other for mo.

    i can ssh in with mo but not an ... even though the password works for a***n on the website

  • Type your comment> @ReT said:

    ive got two passwords ... 1 for an and the other for mo.

    i can ssh in with mo but not an ... even though the password works for a***n on the website

    Well that means the a**m password is not for ssh. How else can you become admin?


  • So my feedback...
    getting the initial step in was horror..i run totally into a rabbit hole with the analytics tab x(
    After I understood the box name, fixed my etc hosts becoming user was pretty straight forward...
    root took me just a couple of minutes in the end.

    It was nice to learn, to stick to the basics and do not overcomplicate ;D

    funny sidegag I just experienced in the forum.. try to post
    / e t c / h o s t s
    as normal text in a message xD

  • Rooted , great box!

  • Type your comment> @dividebyzer0 said:


    I wasted two hours trying to figure out why I couldn't su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.

    People that do this need to be lead to the gallows.

    Thanks for this! I also wasted way too much time looking for a privesc because i assumed this wasn't the route. This comment saved me many more hours of frustration.


  • After trying a lot of different things and reading 22 pages of terrible and misleading advises i still don't know how to get to login page. I'm a terrible skid and a shame to this community. Someone put me out of my misery.

  • Rooted.


  • it's hard for me

  • Hey i am getting an error in ana****.php

    Current key is only applicable for *
    Read more info about this error
    You are trying to use the following key: Z7U7-XHIF9V-4A5Q3S-343X5O-0P5G1R-5G2G25-6S5F2Q-0Q0F5Z-37

    can anyone help me with this?


  • Hello everybody,

    I'm newbie in pentesting world and i'm totally stucked on the login page even after reading the whole topic. I have an idea about the "Mango" word game but I didn't succeed doing some injection. Can someone confirm me that I have the good idea in PM or give me a nudge in order to progress ?

    Thanks a lot !

  • Type your comment> @brueh said:

    i ahve got user.txt now for root what should i do bro...

    go get a good drink... relax... enjoy live.... do something good for mankind... and think about the meaning of life / the universe / and everything...
    but: just dont ask... (bro)

    You need to chill with drugs

  • Rooted this delicious box, lemme know if y'all need a nudge or two

    If my hints help you out, remember to +respect me

  • the login page is static with me, whenever I login no matter the credentials it gives me the same response as when the normal page loads, Is that normal ?

  • edited April 2


    plenty of rabbit holes to dive in but the path is quite straightforward.

    • remember that apache can be configured in different ways and pay attention to http responses you get
    • do some basic web enumeration
    • when you get a hint of a possible vulnerable spot, google for common attack vectors -- the right tool here will greatly simplify your life
    • the road to the root from here is short and simple

    good luck

  • Rooted :)
    pretty Easy
    1) find web
    2) enum username and password you got user
    find vulnerable binary

  • Hello guys,

    I finally rooted the box and i learnt a lot of things. But I have a technical question, I didn't succeed to spawn a shell using the one liners foundable on internet. I could only execute commands but not an interactive shell. Would someone explain me why the spawn shell thing is not working ?

    Thanks !

  • ROOTED , thx


  • edited April 6

    Rooted! Most satisfying Mango I've tasted yet. Learned heaps! thanks @MrR3boot !


Sign In to comment.