Mango

Type your comment> @0xbadbac0n said:

So my feedback…
getting the initial step in was horror…i run totally into a rabbit hole with the analytics tab x(
After I understood the box name, fixed my etc hosts becoming user was pretty straight forward…
root took me just a couple of minutes in the end.

It was nice to learn, to stick to the basics and do not overcomplicate ;D

funny sidegag I just experienced in the forum… try to post
/ e t c / h o s t s
as normal text in a message xD

yeah, I was looking for /etc / hosts like you did!
it was really funny… “you got root! just kidding” lol

This box required me to research and learn some new topics. Root done!

Need a nudge on how to use the commonName to find the login page pl0x!

EDIT: Disregard

Thanks @MrR3boot, amazing machine! Learned a lot. You should make Prophet or MarioDB machines too :wink:

I guess I understand all the hints, but not enough to know what to do with them. Would someone who’s got the box already be willing to PM and let me say what I think - I’m fairly sure I’m going in the right direction.

At the end read root.txt.
Here is my hints:

  • user: find web page to login (but not login) ; try to inject some code (but not sql inject)
  • root: enumerate and gtfobins

PM me if you need help.
(and if someone can explain me how to get a root shell please PM me).

Oh. That so weird for me. Can someone explain why? How? Is this a real-life scenario? I’m about the response we get.
Hints: actually I don’t know what else add, all already in the forum.
PM for if you need help, ill try to help)

What a sweet box this was. Even though I wasted hours and hours on useless dirbusting (there’s absolutely no need for any of that - you see all web pages you need without any guessing), I’m not even angry. I’m GLaD. Thanks to all who left hints here. I’m sure I’ll still be banging my head at more rock(you)s if not not for those who finally made me understand what indeed a Mango is. It’s not a fruit of a coconut family, and you don’t need to be “a female priest who gave people wise but often mysterious advice” to figure this out.
Anyway, even though I have both keys to claim the box, I’m still not sure how to get the final shell. Anyone would like to share with me the last command?

Rooted. Any hint to get a shell as root?

Thank you.

I have found the login page. I know what is running behind and I managed to extract a password which doesn’t seem to fit anywhere.
Can anyone please PM me for little guidance? Thank you in advance.

EDIT : Rooted!
Thanks to EvilT0r13 for the guidance. Thanks to MrR3boot for the great machine. :slight_smile:
Feel free to PM if needed assistance.

I think it’s time to retire this machine. Some douche made a post that spoils the whole thing.

I was finally able to get root struggled a little longer with the syntax then I should have. If anyone needs a nudge.

rooted.
Can someone DM me about how we know whats running on the back-end besides a guess?

Also, this box is prob a lot easier now that there is a ready to go script for extraction…

Rooted. Fun box. Thanks @MrR3boot

I found rummaging around in the trash gave some handy goodies for getting a shell after the more obvious stuff seemed rubbish.

Hey guys i got the access to the logins and all but i don’t understand why it worked if someone could pm me to explain me a thing or two it would help me a lot thanks

Fun box and similar to a trophy machine on OSCP. Root was fine if you are used to a certain programming language environment, else there’ll be some research involved.

Finally rooted. really fun box. Thanks @MrR3boot for amazing box.

for gtfo use “bash” instead of “sh”.

Great box, I learned a lot, thank you @MrR3boot

@MrR3boot

I don’t recall this error I’m seeing on the box.

Current key is only applicable for *.codepen.io.
Read more info about this error
You are trying to use the following key: Z7O0-XHE57Y-4E612Q-0Z331K-0U6G1B-525E0Z-150F5Q-5V521M-4O3O4B-41

I’m guessing a key is past trial or something. Last I recall the website let me see the charts and such.

Will this affect my attempt to own this box before reset?

Type your comment> @PrivacyMonk3y said:

@MrR3boot

I don’t recall this error I’m seeing on the box.

Current key is only applicable for *.codepen.io.
Read more info about this error
You are trying to use the following key: Z7O0-XHE57Y-4E612Q-0Z331K-0U6G1B-525E0Z-150F5Q-5V521M-4O3O4B-41

I’m guessing a key is past trial or something. Last I recall the website let me see the charts and such.

Will this affect my attempt to own this box before reset?

Not at all