[JET] Fortress

Hints :slight_smile:
bypass auth - jet uses sql database so you know what to do.
command - as the word says you need to give your command somewhere,burp helps :slight_smile:
overflown - as the word says you need to overflow something .

Note:Read the task name in HTB its a hint actually.

Hi, anyone is still doing that box ? i’m stuck at elasticity and could use some hints, i’ve try every idea i could find :confused:

Any hint on command’s payload/action?
I can do simple stuff, but if i try to manipulate potential target (found only one in dashboard) it is just not happening.
EDIT: So, manipulate potential target (doing XSS) pointless indeed. Look for vulns in unusual mechanism.

Spoiler Removed

Hi at the moment i’m stuck at ex*****.z** have use z*****hn export both hashes to a file but john seems unable to crack the hashes

can some tell me what program to use?

thanks

Hi,
Could someone give a nudge on “digging in…” , I tried known tools, but do not have results? Thanks

Stuck at Command. Spotted the path in, but can’t figure out how to leverage.

Edit: Got it. Once I figured out how it was meant to work, breaking it was easy.

Type your comment> @jvlavl said:

Hi at the moment i’m stuck at ex*****.z** have use z*****hn export both hashes to a file but john seems unable to crack the hashes

can some tell me what program to use?

thanks

Hi,
i also need some help at this section :frowning: is somebody here who could help me please?

I’m stuck on Overflown, if someone can PM it would be great.

stuck on making command to work … can anyone help??

Somehow I skipped over “Going deeper”, but after trying to go deeper I can’t get anywhere. Could someone PM me with a pointer in the right direction?

@dnperfors said:

Somehow I skipped over “Going deeper”, but after trying to go deeper I can’t get anywhere. Could someone PM me with a pointer in the right direction?

Go back to that stage and look for the flag in the site.

anyone got access to the server “not as w**-----” after completing the command challenge?

Hint for overflow: look at available libraries for both versions of python on jet.

@clubby789 said:
@dnperfors said:

Somehow I skipped over “Going deeper”, but after trying to go deeper I can’t get anywhere. Could someone PM me with a pointer in the right direction?

Go back to that stage and look for the flag in the site.

Thanks everybody giving me some hints, but I am looking for hints for “Going deeper”, not for “Bypassing Authentication” (which I already solved…)

can any one help me with overflown??? should the binary port be accessible remotely or locally?

Can someone help with overflow?
I have working script for my local machine, but in jet machine it prints some strange characters in the middle of execution and then fails, can’t understand why.

EDIT: proper tty is critical. You can find methods by “upgrading tty” search. Look for stty method.

Scratching my head at Digging In… I thought this would be pretty straight forward, but I’m clearly missing something. I’m not getting any answers withdig and I’m coming up empty with every tool I’ve used outside of dig. Can anyone give me a nudge? I’m happy to share everything I’ve tried via PM.

Type your comment> @d3v1ant said:

Scratching my head at Digging In… I thought this would be pretty straight forward, but I’m clearly missing something. I’m not getting any answers withdig and I’m coming up empty with every tool I’ve used outside of dig. Can anyone give me a nudge? I’m happy to share everything I’ve tried via PM.

same.

reverse look gives you more information…