Mango

Got user yesterday and finally pwnt root this morning.
Getting user was a lot of fun.

Loved this box!

Stop bashing this machine please, not fun anymore. This box keeps come online and within 1 minute it’s unavailable again

It is an interesting machine, when people say that Mango is a words game, it really is, but don’t try to break your head trying brute force with combinations of this word or similar things, I did it was discouraging.

The escalation is very easy, there is a very clear hint in the folder of the second user

Thanks @Twypsy @MrR3boot :slight_smile:

@MrR3boot is there a kind of request limiter on the box?

Finally got logged in shell as user m**** with good help of @hlyblyhakr

Tomorrow hoping for a little more progress to own user…

The connection of this box is really wors though, keep dropping connection or is it just me?

Spoiler Removed

W00t w00t !

Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my shit over that one :slight_smile:
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise

@D3Fix said:
@MrR3boot is there a kind of request limiter on the box?

Nope.

@HumanFlyBzzzz said:
W00t w00t !

Thanks @JadeWolf for assisting me with the re**x syntax ive been losing my shit over that one :slight_smile:
Oh and I LOVED the box @MrR3boot , learned a ton here, cant think of a higher praise

Me too :slight_smile:

finally got root … Nice box and very tasty mango … Learn much more …

Thank you who are helped me.

rooted, very nice box :smiley:

Finally got root!! Thanks, @MrR3boot for this box, and @hlyblyhakr for the hints.

Hints for this box:

User

  • Listen to the responses
  • Don’t brute force, you won’t get anything from it
  • Dirbuster is not your friend
  • Boxname is a really big hint

Root

  • Standard enum and get the flag with one simple command
  • gtfobins

For more hints, PM me. But be clear where you got stuck and what you already have done.

To seek out new life and new civilizations. To boldly go where no man has gone before!
ok… m*ngos were absolutely new to me… but really funny… (kind of irreal security concept … isnt’it?)

hints from me?..
hints from me:
i made an absolutly ugly script to get an regex password without special chars (ecaped as ‘.’)… and then glued them together with a list of escaped characters… urgh… but it worked…
so my hint:
payloadallthethingsanddontstopthere

root not to mention… ;)… you’ll see it if you’re admin…

thanks for the machine…

found the login page ~ found the username ~ and well stuck at finding password -__- can someone give me tips for the correct expression code? rooted

my way: if its not alphanumeric or the safe specialchars… use regex ‘.’ … and guess next char… in the end you have an almost perfect password… now search for the missing special char… (of course without regex)…

ok… again i consider this as ugly… but both passwords only had 1 alien inside… so it
worked…

Type your comment> @GChester said:

Can someone who’s solved this DM me to discuss enumerating creds. I’ve of enumerated users with scripts modified from different web places but I can’t successfully modify them to get passwords. I get different passwords back depending on the script I run.

Im not sure if it’s my logic or my poor python modifying ability.

Same boat :S

Can someone who has solved this please DM to discuss the password regex details, currently have my script responding to the requests, however I am struggling to pass it in the right way.

root@mango:~# id
uid=0(root) gid=0(root) groups=0(root)

As someone with little to no coding skills I finally managed to get root on this box, and I must say it feels like a great accomplishment.

Thanks @MrR3boot for a great box, and thanks @D3Fix for the hints regarding initial foothold.

In the end it was one silly character (^) that cost me hours of time and countless hairs on my head. PM me if you need any hints.

Finally rooted! Great box @MrR3boot !!
Thank @D3Fix for the hint!

@brueh said:
To seek out new life and new civilizations. To boldly go where no man has gone before!
ok… m*ngos were absolutely new to me… but really funny… (kind of irreal security concept … isnt’it?)

hints from me?..
hints from me:
i made an absolutly ugly script to get an regex password without special chars (ecaped as ‘.’)… and then glued them together with a list of escaped characters… urgh… but it worked…
so my hint:
payloadallthethingsanddontstopthere

root not to mention… ;)… you’ll see it if you’re admin…

thanks for the machine…

Kind of irreal security concept... isnt'it ? well its not. So many apps sitting in cloud using same technology which mightbe vulnerable to this kinda issue.