Mango | HackTHeBox Writeup

Overview

Mango is a medium Linux-based machine in HackTheBox

 

User Part

start with nmap scan found 3 open ports

Go to The Website , We Can see the site is forbidden

So Go to HTTPS, and we can able to see its SSL certificate By Going through Advanced -> Continue.
Host Name is Given In Certificate “staging-order.mango.htb”

Add Host name to the /etc/hosts file

Go the site now , and its accessible

After Some Enumerations, I found it has NoSQL Injection

Pass the Given Value And we got 302 FOUND, instead of 200 OK

Search For Exploit and Found A python Script For Username And Password Enumeration

Exploitation Using Python Script , And We Got 2 USERNAMES and 2 PASSWORDS

Try SSH With Given Credentials And We Can Able to login to Mango User

Privilege Escalate To Admin From Mango With The Credentials We Got Earlier Using Python Script And We Can Able to Login To Admin.

Read The user.txt from Admin

Root Part

Priviliage escalate from Admin to root , Search For SUID Binaries

We Can See jjs is in There and in “ls -la” Command also we can see jjs.history

Search For jjs in GTFOBins and we Got We can read file using jjs exploit

Now We Can read the root.txt

Share on facebook
Share on twitter
Share on linkedin