[FORTRESS] Akerva

A new Fortress has been released! Looks interesting.

clubby789

  • GCIH
    If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )

Comments

  • @clubby789 said:
    A new Fortress has been released! Looks interesting.

    Yeah

    Vibhu025

  • edited May 19

    Yep, but seems down right now... My fortress vpn is up, got IP 10.13.16.65. But can't ping, or access the old Jet Fortress or the new....

    Edit: Just started answering

  • It comes and goes, I think people are really hammering the box

    Hack The Box

  • ok I'm having trouble finding the second flag, it should be something obvious right??


  • edited May 19

    My guess would be to use different wordlists no enum.... but at 5 req/s, I think we must be patient....

    Edit: wrong guess... at least, there is something else

  • edited May 19

    I've found something on the high port but not sure if I'm on the correct path, plus it seems like a dead end...


  • edited May 20

    The first two flags were pretty easy. For the third, the /s....... vhost is down (error 500) at this moment. Is it still possible to get the next flag? Or should I wait for a reset?

  • I only managed to find the first one. I found user **s and its only post, as well as a bunch of directories, but nothing relevant. Also tried to log in but with no success. Any hint on where to look? Thx

  • Please stop fuzzing. Very short wordlists will find everything that can be found.

    clubby789

  • That was a fun fortress, completed it earlier this morning. Hint: no fuzzing required, no bruteforcing required, and very little dirb'ing. Most of it all is discovered through NMAP, all you need.

  • @gverre said:

    Yep, but seems down right now... My fortress vpn is up, got IP 10.13.16.65. But can't ping, or access the old Jet Fortress or the new....

    Edit: Just started answering

    Same thing. For me it was necessary to add a route to reach the box.

    choupit0

  • got the first flag.
    for the second flag, i can see login panel and/or a thing on higher port. do i need to brute force login or find some vulnerabilities using ****an tool?

  • @idevilkz said:

    got the first flag.
    for the second flag, i can see login panel and/or a thing on higher port. do i need to brute force login or find some vulnerabilities using ****an tool?

    Please do not brute force. There's no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you're probably missing something crucial...


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'"

  • @farbs said:

    @idevilkz said:

    got the first flag.
    for the second flag, i can see login panel and/or a thing on higher port. do i need to brute force login or find some vulnerabilities using ****an tool?

    Please do not brute force. There's no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you're probably missing something crucial...

    thanks Sir, I haven't done it as I know boxes on this platform don't need bruting but I thought I would post it here just in case. I shall try harder.

  • @idevilkz said:

    got the first flag.
    for the second flag, i can see login panel and/or a thing on higher port. do i need to brute force login or find some vulnerabilities using ****an tool?

    The answer is in your nmap scan (tcp, udp...). Thanks @gverre for your help.

    choupit0

  • thanks @choupit0 had some slow progress as I am reading as I go along. I shall post with an update soon. seeing some interesting stuff on scan now.

  • can anyone help with little secret?

  • Performing an enumeration that makes the target less performant or unusable was never a good option when performing a penetration test. Please set a low thread count in your tools and avoid brute force; sometimes looking at ALL ports and protocols is the best option.

  • I am stuck on the last flag, any help on "se****d _*** e.md"?

  • Stuck at the 7th flag, totally lost T.T

  • stuck on dead poets. i see the path but unable to get info out, working on fatty to take my mind away and come back fresh.

  • edited May 24

    It's been great so far. But I would really appreciate a nudge for the last flag. I have no clue past the first step with that "se****d _*** e.md"... The tools I know don't help me this time...

    Edit: Rooted! Real fun!

  • edited May 27

    Can anyone nudge me in the direction of flag 4? Not sure how to proceed on Now You See Me.

    EDIT: Rooted. Great experience.

    jiggle

    Feel free to ask for hints/nudges. Just PM me what you've already done, & give respect if I help you.

  • edited May 28

    @idevilkz said:

    stuck on dead poets. i see the path but unable to get info out, working on fatty to take my mind away and come back fresh.

    Same here. Could someone give us a small hint? I tried different things without success :(

    Edited: Removed since someone considered it a spoiler...

  • @designer46 said:

    Edit: Tried to access /*e*/s*a*e_**v.*y but the access is forbidden. Also tried to access /s**I**s/b****p_***r*_****n***s.s*, however I couldn't find any credentials. And when I fail I get an error asking me to contact w*******r and there is no way for the error to go away so I probably messed something up...

    You should have learned about VERB in school

    Hope not a Spoiler!!

    Vibhu025

  • @Vibhu025 said:

    @designer46 said:

    Edit: Tried to access /*e*/s*a*e_**v.*y but the access is forbidden. Also tried to access /s**I**s/b****p_***r*_****n***s.s*, however I couldn't find any credentials. And when I fail I get an error asking me to contact w*******r and there is no way for the error to go away so I probably messed something up...

    You should have learned about VERB in school

    Hope not a Spoiler!!

    Definitely was not a spoiler. I thought you were complaining that I posted some spoilers xD Thanks to you and @rwu for the help!

  • I was trying to solve the "Open Book" flag, but the web server on the high port does not respond anymore. I think this is because someone has sent too many wrong P*N attempts.

    Is the reset the only way to make things work in this situation?
