[FORTRESS] Akerva

Please stop fuzzing. Very short wordlists will find everything that can be found.

That was a fun fortress, completed it earlier this morning. Hint: no fuzzing required, no bruteforcing required, and very little dirb’ing. Most of it all is discovered through NMAP, all you need.

@gverre said:

Yep, but seems down right now… My fortress vpn is up, got IP 10.13.16.65. But can’t ping, or access the old Jet Fortress or the new…

Edit: Just start answering

Same thing. For me it was necessary to add a route to reach the box.

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

@idevilkz said:

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

Please do not brute force. There’s no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you’re probably missing something crucial…

@farbs said:

@idevilkz said:

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

Please do not brute force. There’s no brute forcing needed. The Fortress is already operating slow enough as it is. If brute forcing seems like the best option, you’re probably missing something crucial…

Thanks Sir, I haven’t done it as I know boxes on this platform don’t need bruting, but I thought I would post it here just in case. I shall try harder.

@idevilkz said:

Got the first flag.
For the second flag, I can see a login panel and/or a thing on a higher port. Do I need to brute force the login or find some vulnerabilities using ****an tool?

The answer is in your nmap scan (tcp, udp…). Thanks @gverre for your help.

Thanks @choupit0, had some slow progress as I am reading as I go along. I shall post with an update soon. Seeing some interesting stuff on scan now.

Can anyone help with little secret?

Performing an enumeration that makes the target less performant or unusable was never a good option when performing a penetration test. Please adjust the low threads in your tools and avoid brute force; sometimes looking at ALL ports and protocols is the best option.

I am stuck on the last flag, any help on “se*d _ e.md”?

Stuck at the 7th flag, totally lost T.T

Stuck on dead poets. I see the path but am unable to get info out, working on fatty to take my mind away and come back fresh.

It’s been great so far. But I would really appreciate a nudge for the last flag. I have no clue past the first step with that “se*d _ e.md”… The tools I know don’t help me that time…

Edit: Rooted! Real fun!

Can anyone nudge me in the direction of flag 4? Not sure how to proceed on Now You See Me.

EDIT: Rooted. Great experience.

@idevilkz said:

Stuck on dead poets. I see the path but am unable to get info out, working on fatty to take my mind away and come back fresh.

Same here. Could someone give us a small hint? I tried different things without success :frowning:

Edited: Removed since someone considered it a spoiler…

@designer46 said:

Edit: Tried to access /*e*/s*a*e_**v.*y but the access is forbidden. Also tried to access /s**I**s/b****p_***r*_****n***s.s*, however I couldn’t find any credentials. And when I fail I get an error asking me to contact w*******r and there is no way for the error to go away, so I probably messed something up…

You should have learned about VERB in school

Hope not a Spoiler!!

@Vibhu025 said:

@designer46 said:

Edit: Tried to access /*e*/s*a*e_**v.*y but the access is forbidden. Also tried to access /s**I**s/b****p_***r*_****n***s.s*, however I couldn’t find any credentials. And when I fail I get an error asking me to contact w*******r and there is no way for the error to go away, so I probably messed something up…

You should have learned about VERB in school

Hope not a Spoiler!!

Definitely was not a spoiler. I thought you were complaining that I posted some spoilers xD Thank you and @rwu for the help!

I was trying to solve the “Open Book” flag, but the web server on the high port does not respond anymore. I think this is because someone has sent too many wrong P*N attempts.

Is the reset the only way to make things work in this situation?

@mrnfrancesco I had the same problem, but what worked for me in that case was to disconnect and reconnect the VPN. I am not sure if this works for others too, but for me it worked almost every time.