[FORTRESS] Context

A new fortress has been released. Started poking around, looks interesting.

k4wld
Discord: k4wld#5627

Tagged:

Comments

  • Ah looks quite troublesome, or I am just realizing I still have so much space to grow !

    profile
    Hi I am cyberwr3nch. You may reach me on discord: cyberwr3nch#7381.Checkout my git repo might be useful: https://github.com/cybwr3nch/hackthebox

  • any hints to begin with ?

  • Looking deeply helps a lot

  • stuck on SQLi :(

  • Lemme try & be nice...
    1) view-source:??????
    2) SQLi
    3) Log in, Click around

    I was going to ask for some help, but I didn't realize this was a totally new Fortress. I guess I should just "try harder". But dammit, if I try any harder I'll probably break my keyboard! sigh j/k

  • Type your comment> @Zot said:

    Lemme try & be nice...
    1) view-source:??????
    2) SQLi
    3) Log in, Click around

    I was going to ask for some help, but I didn't realize this was a totally new Fortress. I guess I should just "try harder". But dammit, if I try any harder I'll probably break my keyboard! sigh j/k

    Stuck on SQLi as well...

  • The SQLi part was very slow....require a lot of patience :)

    Hack The Box

  • can anyone vote 1 reset now they are 4 .
    I am stuck at the sqli because it worked yesterday a bit and now it is not :(

  • Type your comment> @MariaB said:

    can anyone vote 1 reset now they are 4 .
    I am stuck at the sqli because it worked yesterday a bit and now it is not :(

    Yeah, the same, I was stuck because the Fortress needed a reset...
    It worked this afternoon for a while, it really takes ages to complete...
    Voted +1 for reset

  • edited October 28

    Heyyyo, been stuck on 4-th Flag,
    r*l*r seems not to work
    got dbcreds, but cant figure out what i have to do with that.
    Any hints please?

  • @Looking4 me too .This machine doesnt make much sense .especially the sqli took me ages .
    I am also stuck finding the 4 th flag .I will PM you

  • Stuck on the 3rd flag.. Any hints please?

  • Spoiler Removed

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

  • @jkana101
    Any reversing required at step4?

  • Nope, i wouldn't call it that

    Magavolt

  • edited October 31

    .

    k4wld
    Discord: k4wld#5627

  • Step 4 has shown me some things, I've tried EVERYTHING on this page: https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/
    I also tried looking up the Exchange "CANARY" attack, but, I don't know how, & couldn't find a good example. Though the clue (it's a bird, it's a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh maybe i should be thinking super, but, that's pretty broad. I got db creds too, weren't good for much, just learning more about the setup. There was a hidden db making for 5 different databases.

  • I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e :)

  • Got some zip files but dont know what to do with it

  • Need some hints on 5th Flag, please.
    So far i've got no clue.

  • edited November 8

    EDIT: solved

    mrnfrancesco

  • same here stuck on the 5th flag :tired_face:

  • Type your comment> @sigeri said:

    same here stuck on the 5th flag :tired_face:

    I just got it. I actually had it, but I didn't check my exfiltration data thoroughly. It's in a table, a table with, "sensitive" data.

    I dig this fortress! Had A LOT of phun so far. I always say I'm more of a *nix person, but somehow I'm getting the job done here. Just takes me 3 times longer because of the documentation I gotta read.

  • edited November 17

    hm, that's wierd. I've done SQLi part and get creds but it's useless to the all of 3 connections ports (except site admin panel)
    is it my fault or that's the point?

    upd. solved. thanks

Sign In to comment.