[JET] Fortress

stuck @ Memo

.

Any tip for command?

** * Nm, got It.

Hints :slight_smile:
bypass auth - jet uses sql database so you know what to do.
command - as the word says you need to give your command somewhere,burp helps :slight_smile:
overflown - as the word says you need to overflow something .

Note:Read the task name in HTB its a hint actually.

Hi, anyone is still doing that box ? i’m stuck at elasticity and could use some hints, i’ve try every idea i could find :confused:

Any hint on command’s payload/action?
I can do simple stuff, but if i try to manipulate potential target (found only one in dashboard) it is just not happening.
EDIT: So, manipulate potential target (doing XSS) pointless indeed. Look for vulns in unusual mechanism.

Spoiler Removed

Hi at the moment i’m stuck at ex*****.z** have use z*****hn export both hashes to a file but john seems unable to crack the hashes

can some tell me what program to use?

thanks

Hi,
Could someone give a nudge on “digging in…” , I tried known tools, but do not have results? Thanks

Stuck at Command. Spotted the path in, but can’t figure out how to leverage.

Edit: Got it. Once I figured out how it was meant to work, breaking it was easy.

Type your comment> @jvlavl said:

Hi at the moment i’m stuck at ex*****.z** have use z*****hn export both hashes to a file but john seems unable to crack the hashes

can some tell me what program to use?

thanks

Hi,
i also need some help at this section :frowning: is somebody here who could help me please?

I’m stuck on Overflown, if someone can PM it would be great.

stuck on making command to work … can anyone help??

Somehow I skipped over “Going deeper”, but after trying to go deeper I can’t get anywhere. Could someone PM me with a pointer in the right direction?

@dnperfors said:

Somehow I skipped over “Going deeper”, but after trying to go deeper I can’t get anywhere. Could someone PM me with a pointer in the right direction?

Go back to that stage and look for the flag in the site.

anyone got access to the server “not as w**-----” after completing the command challenge?

Hint for overflow: look at available libraries for both versions of python on jet.

@clubby789 said:
@dnperfors said:

Somehow I skipped over “Going deeper”, but after trying to go deeper I can’t get anywhere. Could someone PM me with a pointer in the right direction?

Go back to that stage and look for the flag in the site.

Thanks everybody giving me some hints, but I am looking for hints for “Going deeper”, not for “Bypassing Authentication” (which I already solved…)

can any one help me with overflown??? should the binary port be accessible remotely or locally?

Can someone help with overflow?
I have working script for my local machine, but in jet machine it prints some strange characters in the middle of execution and then fails, can’t understand why.

EDIT: proper tty is critical. You can find methods by “upgrading tty” search. Look for stty method.