Mango

Rooted.

Rooted , great box!

Type your comment> @dividebyzer0 said:

STOP CHANGING THE PASSWORDS FOR THE USERS ON THIS BOX!

I wasted two hours trying to figure out why I couldn’t su to a particular user with the creds I already found. Why? Because some self-absorbed jackass had changed the password and then left it that way after rooting the box.

People that do this need to be lead to the gallows.

Thanks for this! I also wasted way too much time looking for a privesc because i assumed this wasn’t the route. This comment saved me many more hours of frustration.

After trying a lot of different things and reading 22 pages of terrible and misleading advises i still don’t know how to get to login page. I’m a terrible skid and a shame to this community. Someone put me out of my misery.

Rooted.

it’s hard for me

Hey i am getting an error in ana****.php

Current key is only applicable for *.codepen.io.
Read more info about this error
You are trying to use the following key: Z7U7-XHIF9V-4A5Q3S-343X5O-0P5G1R-5G2G25-6S5F2Q-0Q0F5Z-37

can anyone help me with this?

Hello everybody,

I’m newbie in pentesting world and i’m totally stucked on the login page even after reading the whole topic. I have an idea about the “Mango” word game but I didn’t succeed doing some injection. Can someone confirm me that I have the good idea in PM or give me a nudge in order to progress ?

Thanks a lot !

Type your comment> @brueh said:

i ahve got user.txt now for root what should i do bro…

go get a good drink… relax… enjoy live… do something good for mankind… and think about the meaning of life / the universe / and everything…
but: just dont ask… (bro)

You need to chill with drugs

Rooted this delicious box, lemme know if y’all need a nudge or two

the login page is static with me, whenever I login no matter the credentials it gives me the same response as when the normal page loads, Is that normal ?

rooted.

plenty of rabbit holes to dive in but the path is quite straightforward.

  • remember that apache can be configured in different ways and pay attention to http responses you get
  • do some basic web enumeration
  • when you get a hint of a possible vulnerable spot, google for common attack vectors – the right tool here will greatly simplify your life
  • the road to the root from here is short and simple

good luck

Rooted :slight_smile:
pretty Easy

  1. find web
  2. enum username and password you got user
    priv
    find vulnerable binary

Hello guys,

I finally rooted the box and i learnt a lot of things. But I have a technical question, I didn’t succeed to spawn a shell using the one liners foundable on internet. I could only execute commands but not an interactive shell. Would someone explain me why the spawn shell thing is not working ?

Thanks !

ROOTED , thx

Rooted! Most satisfying Mango I’ve tasted yet. Learned heaps! thanks @MrR3boot !

That was a great box!
User was quite harder than root honestly. But learned a lot and got to taste the juiciest mangoes.

Obligatory hints:

User:

Never ignore any error.
Most of the time the machine’s name have relation with the attack vector.
Bruteforcing is a pain in the ■■■, not just for you, but more for others. Write a script instead :wink:

Root:

Enumerate, that’s enough. lol!

Thanks @MrR3boot for this awesome box!

heisenb3rg

Got it. Been working on this one all weekend. With the hint here I got root this morning.

Things I’ve learnt: I need to get better at python and building my own scripts, or modifying POCs that float around from time to time.

Good box. User was something new for me. Root was something new… still but very easy.

Cheers!

ROOTED SUCCESSFULLY !
I’ve learned a lot from this box and had good experience
a lot of thanks to @MrR3boot for this awesome box and @traut for helping me

Got User & Root Flag. What a nice machine, getting the user was the most interesting part. There were many rabbit holes but still made my way through. Thumbs up