[FORTRESS] Context

A new fortress has been released. Started poking around, looks interesting.

Ah, looks quite troublesome, or I am just realizing I still have so much space to grow!

Any hints to begin with?

Looking deeply helps a lot

Stuck on SQLi :frowning:

Lemme try & be nice…

  1. view-source:???
  2. SQLi
  3. Log in, Click around

I was going to ask for some help, but I didn’t realize this was a totally new Fortress. I guess I should just “try harder”. But dammit, if I try any harder I’ll probably break my keyboard! sigh j/k

@Zot said:

Lemme try & be nice…

  1. view-source:???
  2. SQLi
  3. Log in, Click around

I was going to ask for some help, but I didn’t realize this was a totally new Fortress. I guess I should just “try harder”. But dammit, if I try any harder I’ll probably break my keyboard! sigh j/k

Stuck on SQLi as well…

The SQLi part was very slow… requires a lot of patience :slight_smile:

Can anyone vote 1 reset now they are 4.
I am stuck at the SQLi because it worked yesterday a bit and now it is not :frowning:

@MariaB said:

Can anyone vote 1 reset now they are 4.
I am stuck at the SQLi because it worked yesterday a bit and now it is not :frowning:

Yeah, the same, I was stuck because the Fortress needed a reset…
It worked this afternoon for a while, it really takes ages to complete…
Voted +1 for reset

Heyyyo, been stuck on 4th Flag,
r*l*r seems not to work
got dbcreds, but can't figure out what I have to do with that.
Any hints please?

@Looking4 me too. This machine doesn't make much sense. Especially the SQLi took me ages.
I am also stuck finding the 4th flag. I will PM you

Stuck on the 3rd flag… Any hints please?

Spoiler Removed

@jkana101
Any reversing required at step4?

Nope, I wouldn’t call it that

.

Step 4 has shown me some things, I’ve tried EVERYTHING on this page: Attacking MS Exchange Web Interfaces – PT SWARM
I also tried looking up the Exchange “CANARY” attack, but I don’t know how, & couldn’t find a good example. Though the clue (it’s a bird, it’s a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh, maybe I should be thinking super, but that’s pretty broad. I got db creds too, weren’t good for much, just learning more about the setup. There was a hidden db making for 5 different databases.

I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e :slight_smile:

Got some zip files but don’t know what to do with it