Mango

Aydeen · October 31, 2019, 12:15pm

Think I have the correct directory for the login page due to some convenient python scripts on pastebin. However, the url does not work. Very confused… Tried both ports. s******-r.m.b/i**.*** right?

blackwingz44 · October 31, 2019, 12:34pm

How did you guys go to the staging? I’m just in the live folder always.

blackwingz44 · October 31, 2019, 4:03pm

Got the root flag without logging in as “root”

Wolfman000 · October 31, 2019, 5:56pm

Figured out how to get to the lgn page…
Now what? I’ve read that a script to enumerate the backend system is needed.
Where to start??

Day 2, still no shell…

librab103 · October 31, 2019, 7:12pm

Are there any write-ups you can point to that is like Mango that I can look at?

tvv · October 31, 2019, 8:27pm

staring at login page, think I get what the name is about , higher port isn’t open and tried legit logins and '- logins. Anyone can give me a nudge?

TheFancyDoge · October 31, 2019, 9:45pm

Well, I am officially insanely stuck. I found the login page but despite the clues about the box name I have no idea where to go from here. Would appreciate a DM nudge if anyone would be so kind.

Shellx · October 31, 2019, 10:18pm

I got “under constrution” , any hints?

BadRain · October 31, 2019, 10:35pm

H******y could be the key to move on?

aho · October 31, 2019, 11:25pm

Spoiler Removed

blackwingz44 · October 31, 2019, 11:49pm

Root:

You don’t have to priv esc, used the available tools in the system using your current user account.
Thanks to @rholas

wifislax · November 1, 2019, 3:16am

I am new to this and this is definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how i can login as root.

adobopls · November 1, 2019, 6:09am

still stuck at the login page, few suggestions are appreciated

Impulse · November 1, 2019, 6:32am

For people who have no idea where to begin once u get the login page

The box is named for a reason … Once u get that hint
there is a good blogpost literally explaining the entire user process

GimmeANesquik · November 1, 2019, 9:22am

Just get user & love this box, ty

idealphase · November 1, 2019, 10:15am

Learning a new technique of web attacks. I will just be a Mango lover. Let me know if you need some help. Thank you the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

MrR3boot · November 1, 2019, 10:53am

@KryptoTheHippo said:
Just get user & love this box, ty

@idealphase said:
Learning a new technique of web attacks. I will just be a Mango lover. Let me know if you need some help. Thank you the creator of this awesome box @MrR3boot and @UrfinJuice for a useful hint.

Have a bite of Mango now

hg8 · November 1, 2019, 1:12pm

Got a**** user and its password… but what now ? I tried to enumerate other usernames with no luck. Am I missing out something ? Any little nudge appreciated.

Never mind figured it out! Messed my usernames enum.

m3dsec · November 1, 2019, 3:15pm

Spoiler Removed

m3dsec · November 1, 2019, 3:16pm

@wifislax said:
I am new to this and this is definitely been a learning experience for me. I finally got the root flag without logging in as root, still curious how i can login as root.

You can read files, and you can write them to…
think about prividing the .ssh folder what it needs to accept you