[FORTRESS] Context

A new fortress has been released. Started poking around, looks interesting.

k4wld
Discord: k4wld#5627

Tagged:
«1

Comments

  • Ah looks quite troublesome, or I am just realizing I still have so much space to grow !

    profile
    Hi I am cyberwr3nch. You may reach me on discord: cyberwr3nch#7381.Checkout my git repo might be useful: https://github.com/cybwr3nch/hackthebox

  • any hints to begin with ?

  • Looking deeply helps a lot

  • stuck on SQLi :(

  • Lemme try & be nice...
    1) view-source:??????
    2) SQLi
    3) Log in, Click around

    I was going to ask for some help, but I didn't realize this was a totally new Fortress. I guess I should just "try harder". But dammit, if I try any harder I'll probably break my keyboard! sigh j/k

  • Type your comment> @Zot said:

    Lemme try & be nice...
    1) view-source:??????
    2) SQLi
    3) Log in, Click around

    I was going to ask for some help, but I didn't realize this was a totally new Fortress. I guess I should just "try harder". But dammit, if I try any harder I'll probably break my keyboard! sigh j/k

    Stuck on SQLi as well...

  • The SQLi part was very slow....require a lot of patience :)

    Hack The Box

  • can anyone vote 1 reset now they are 4 .
    I am stuck at the sqli because it worked yesterday a bit and now it is not :(

  • Type your comment> @MariaB said:

    can anyone vote 1 reset now they are 4 .
    I am stuck at the sqli because it worked yesterday a bit and now it is not :(

    Yeah, the same, I was stuck because the Fortress needed a reset...
    It worked this afternoon for a while, it really takes ages to complete...
    Voted +1 for reset

  • edited October 2020

    Heyyyo, been stuck on 4-th Flag,
    r*l*r seems not to work
    got dbcreds, but cant figure out what i have to do with that.
    Any hints please?

  • @Looking4 me too .This machine doesnt make much sense .especially the sqli took me ages .
    I am also stuck finding the 4 th flag .I will PM you

  • Stuck on the 3rd flag.. Any hints please?

  • Spoiler Removed

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • @jkana101
    Any reversing required at step4?

  • Nope, i wouldn't call it that

    Magavolt

  • edited October 2020

    .

    k4wld
    Discord: k4wld#5627

  • Step 4 has shown me some things, I've tried EVERYTHING on this page: https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/
    I also tried looking up the Exchange "CANARY" attack, but, I don't know how, & couldn't find a good example. Though the clue (it's a bird, it's a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh maybe i should be thinking super, but, that's pretty broad. I got db creds too, weren't good for much, just learning more about the setup. There was a hidden db making for 5 different databases.

  • I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e :)

  • Got some zip files but dont know what to do with it

  • Need some hints on 5th Flag, please.
    So far i've got no clue.

  • edited November 2020

    EDIT: solved

    mrnfrancesco

  • same here stuck on the 5th flag :tired_face:

  • Type your comment> @sigeri said:

    same here stuck on the 5th flag :tired_face:

    I just got it. I actually had it, but I didn't check my exfiltration data thoroughly. It's in a table, a table with, "sensitive" data.

    I dig this fortress! Had A LOT of phun so far. I always say I'm more of a *nix person, but somehow I'm getting the job done here. Just takes me 3 times longer because of the documentation I gotta read.

  • edited November 2020

    hm, that's wierd. I've done SQLi part and get creds but it's useless to the all of 3 connections ports (except site admin panel)
    is it my fault or that's the point?

    upd. solved. thanks

  • Stuck on the third flag. Got creds for outlook. But can't do anything from there. Any hints?

  • edited January 4

    is there supposed to be a third flag once we gain access to the mail service?
    eeh nvm got it

  • I've been stuck on the 4th flag for weeks now... playing with some cookies, but still generally lost. Anyone able to offer a nudge?

    Hack The Box

  • @pL4sTiC I am in the same situations if you are able to get some leads kindly help me.

  • edited March 2

    Anyone able to give a nudge on the 3rd flag? I have the web login info and got to check my mail. I notice a certain someone likes not checking URLs, but not sure how I can leverage it to my advantage. I tried 'responding' to his requests, but nothing of value come in.

    Any help appreciated!

    Nvm solved. Pm if stuck

  • edited March 3

    Im stuck on the third flag. Logged in. Searched everywhere for everything. Empty, empty, empty and totally empy... Is the box ready for a reset?? Perhaps someone was triggerhappy on the delete button??? Or am I on the wrong path here?

    edit: Clicked everywhere... but there... got it now.

    f1rstr3am

Sign In to comment.