Hack The Box Mango is a medium difficulty Linux machine.
In this post, you can find some useful tips on the box. Note that these tips are already available in the HTB Mango machine forum posts, so this is not a SPOILER!
- A regular nmap scan
- Look for a regular web server port, but a secured one
- TLS could tell a story
- Make use of hosts!
- Look for something similar to the box name
- SQL or NoSQL: you need to decide
- A SwissKey repo in GitHub is your friend.
- Take a burp 🙂
- Intercept the authentication and find something cooler.
- Now the doctor-less injection could help you, because you hit the “Administrator” in the step above 🙂
- SQL or NoSQL: decide “Blindly”
- If your “Blind Target” was correct, you should have the key here.
- Thank Tatu Ylönen for his development and use the tool he developed.
- But it’s not that easy: your main “Key” is stored somewhere where the data is stacked! Find it.
- So the key you got will help you to unlock the home of the younger brother of “Administrator”
- Well, there you have half the job done
Soon, I will publish a full writeup of the Hack The Box Mango machine.