[FORTRESS] Context

Type your comment> @MariaB said:

can anyone vote 1 reset now they are 4 .
I am stuck at the sqli because it worked yesterday a bit and now it is not :frowning:

Yeah, the same, I was stuck because the Fortress needed a reset…
It worked this afternoon for a while, it really takes ages to complete…
Voted +1 for reset

Heyyyo, been stuck on 4-th Flag,
r*l*r seems not to work
got dbcreds, but cant figure out what i have to do with that.
Any hints please?

@Looking4 me too .This machine doesnt make much sense .especially the sqli took me ages .
I am also stuck finding the 4 th flag .I will PM you

Stuck on the 3rd flag… Any hints please?

Spoiler Removed

@jkana101
Any reversing required at step4?

Nope, i wouldn’t call it that

.

Step 4 has shown me some things, I’ve tried EVERYTHING on this page: Attacking MS Exchange Web Interfaces – PT SWARM
I also tried looking up the Exchange “CANARY” attack, but, I don’t know how, & couldn’t find a good example. Though the clue (it’s a bird, it’s a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh maybe i should be thinking super, but, that’s pretty broad. I got db creds too, weren’t good for much, just learning more about the setup. There was a hidden db making for 5 different databases.

I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e :slight_smile:

Got some zip files but dont know what to do with it

Need some hints on 5th Flag, please.
So far i’ve got no clue.

EDIT: solved

same here stuck on the 5th flag :tired_face:

Type your comment> @sigeri said:

same here stuck on the 5th flag :tired_face:

I just got it. I actually had it, but I didn’t check my exfiltration data thoroughly. It’s in a table, a table with, “sensitive” data.

I dig this fortress! Had A LOT of phun so far. I always say I’m more of a *nix person, but somehow I’m getting the job done here. Just takes me 3 times longer because of the documentation I gotta read.

hm, that’s wierd. I’ve done SQLi part and get creds but it’s useless to the all of 3 connections ports (except site admin panel)
is it my fault or that’s the point?

upd. solved. thanks

Stuck on the third flag. Got creds for outlook. But can’t do anything from there. Any hints?

is there supposed to be a third flag once we gain access to the mail service?
eeh nvm got it

I’ve been stuck on the 4th flag for weeks now… playing with some cookies, but still generally lost. Anyone able to offer a nudge?

@pL4sTiC I am in the same situations if you are able to get some leads kindly help me.