Hack The Box – Mango Machine Root Tips – No Spoilers |

Hack The Box Mango is a medium difficulty Linux machine.

Here in this post, you can find some useful tips to on the box. Note that, these tips are already available in HTB Mango machine forum posts, so it is not a SPOILER!

  • A regular nmap scan
  • Look for a regular webserver port but a secured one
  • TLS could tell a story
  • make use of hosts!
  • Look if there is something similar to the box name?
  • SQL or NoSQL you need to decide
  • A SwissKey repo in GitHub is your friend.
  • Take a burp 🙂
  • Intercept the authentication and find something cooler.
  • Now the doctor-less injection could help you because you hit the “Administrator” in the above step 🙂
  • SQL or NoSQL decide “Blindly”
  • If your “Blind Target” was correct, you should have the key here.
  • Thank Tatu Ylönen for his development and use the tool he developed.
  • But it’s not that easy, your main “Key” is stored somewhere where the data is stacked! – find it
  • So the key you got will help you to unlock the home of the younger brother of “Administrator”
  • Well, there you got the half job done

Soon, I will publish a full writeup of Hack The Box Mango Machine.


Hey there, I'm Navin, a passionate Info-Sec enthusiast from Bahrain. I started this blog to share my knowledge. I usually write on HackTheBox machines and challenges, cybersecurity-related articles and bug-bounty. If you are an HTB user and like my articles, please respect here: Profile: https://www.hackthebox.eu/nav1n

View all posts by Navin →
Notify of
Inline Feedbacks
View all comments
Sorry, that action is blocked.