[FORTRESS] Akerva

@clubby789 said:
A new Fortress has been released! Looks interesting.

Yeah

Yep, but seems down right now… My fortress vpn is up, got IP 10.13.16.65. But can’t ping, or access the old Jet Fortress or the new…

Edit: Just start answering

It comes and goes, I think people are really hammering the box

ok I’m having trouble finding the second flag, it should be something obvious right??

My guess would be to use different wordlists no enum… but at 5 req/s, I think we must be patient…

Edit: wrong guess… at least, there is something else

I’ve found something on the high port but not sure if I’m on the correct path, plus it seems like a dead end…

The first two flags were pretty easy. For the third, the /s… vhost is down (error 500) at this moment. Is it still possible to get the next flag? Or should I wait for a reset?

I only managed to find the first one. I found user **s and its only post, as well as a bunch of directories, but nothing relevant. Also tried to log in but with no success. Any hint on where to look? Thx

Please stop fuzzing. Very short wordlists will find everything that can be found.

That was a fun fortress, completed it earlier this morning. Hint: no fuzzing required, no bruteforcing required, and very little dirb’ing. Most of it all is discovered through NMAP, all you need.

@gverre said:

Yep, but seems down right now… My fortress vpn is up, got IP 10.13.16.65. But can’t ping, or access the old Jet Fortress or the new…

Edit: Just start answering

Same thing. For me it was necessary to add a route to reach the box.

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

@idevilkz said:

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

Please do not brute force. There’s no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you’re probably missing something crucial…

@farbs said:

@idevilkz said:

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

Please do not brute force. There’s no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you’re probably missing something crucial…

Thanks Sir, I haven’t done it as I know boxes on this platform don’t need bruting, but I thought I would post it here just in case. I shall try harder.

@idevilkz said:

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

The answer is in your nmap scan (tcp, udp…). Thanks @gverre for your help.

Thanks @choupit0, had some slow progress as I am reading as I go along. I shall post with an update soon. Seeing some interesting stuff on the scan now.

Can anyone help with little secret?

Performing an enumeration that makes the target less performant or unusable was never a good option when performing a penetration test. Please set a low thread count in your tools and avoid brute force; sometimes looking at ALL ports and protocols is the best option.

I am stuck on the last flag, any help on “se*d _ e.md”?

Stuck at the 7th flag, totally lost T.T