got login page
but I try a lot of payload about “mango”
in PayloadsAllTheThings repository
input to username&password
i only got same response
can someone help me
I am stuck in the exact same place. I’m gonna take a break and see if that helps.
edit: it did help! calmed down and searched about stuff I already knew + the keyword Extract and found some more useful info that got me over the hump.
edit again + 1 hour: rooted. that is definitely easier than user. PM me for hints.
anyone can help? i found the login page, and used the little 302 machine to squeeze password out of a**** and m****, but none of them seems to be working while i use it at the login page. any trick in the 302 machine?
Rooted the machine!
At end it wasnt very hard, each step is ‘simple’ but the problem for me it was i didnt know some specific knowledge to solve each step…!
root@mango:~# hostname; id
mango
uid=0(root) gid=0(root) groups=0(root)
This mango is taste good enough! Thanks to creator @MrR3boot for the machine!
I like box where you need to write custom exploit. Root is was easy. There is a multiple way how to root using the same binary - try to play with it
So, I got root (even root shell) and user on Mango. However, getting to know what users to crack and what backend to exploit were primarily from hints here on the forums. Can someone message me with how you would have got to these two points with no prior knowledge or nudges? I checked on walk-throughs (the ones where to you need to root.txt to access the walk-through, but they all just make ‘assumptions or guesses’ about these two points which leads me to believe they also just followed hints from the forums.
I ask, since in real world pentesting, I won’t be able to just ask around and get those hints. Just want to learn all I can to be effective on the OSCP exam and in real life. Thanks!
I need help with the script. it prints 5 characters for a**** and 15 characters for m**** so i tried to login with m**** but it doesn’t work. can someone help me with the script.
edit: was able to get user.txt. I can’t figure out root at the moment
Need some help, extracted the mango juice with the script. Connected with ssh and extracted the data from datse. Confirmed the passwords, but I still can’t login or su with a*n. What iam missing ?
edit: a bright mind changed the password in the db, achievement of the year to that person… for sure, and the year just started…
Did not find the hint helpful, the ones that are pointing to the box name that is. Even now after rooting it’s a big nono from my POV. I had initially thought correctly about what I was dealing with even without them but wasn’t quite sure because I had no experience with it. Decided to check forums, and all those hints pointing to box name were throwing me off even further from the path.
Decided to follow my earlier suspicion after awhile and was kind of smooth sailing after. Learnt a little bit from the box. Not sure how to improve on the box hint side but I feel like it was interpreted wayyyyy off for me due to its nature.
Can someone maybe help me? I made quite some progress and landed at the planting site. However the whole process doesn’t seem to make sense and I am also suck in getting the passwords with a script.
Can someone maybe help me? I made quite some progress and landed at the planting site. However the whole process doesn’t seem to make sense and I am also suck in getting the passwords with a script.
Can someone maybe help me? I made quite some progress and landed at the planting site. However the whole process doesn’t seem to make sense and I am also suck in getting the passwords with a script.
