Spoiler Removed
Nope, i wouldnāt call it that
.
Step 4 has shown me some things, Iāve tried EVERYTHING on this page: Attacking MS Exchange Web Interfaces ā PT SWARM
I also tried looking up the Exchange āCANARYā attack, but, I donāt know how, & couldnāt find a good example. Though the clue (itās a bird, itās a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh maybe i should be thinking super, but, thatās pretty broad. I got db creds too, werenāt good for much, just learning more about the setup. There was a hidden db making for 5 different databases.
I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e
Got some zip files but dont know what to do with it
Need some hints on 5th Flag, please.
So far iāve got no clue.
EDIT: solved
same here stuck on the 5th flag
Type your comment> @sigeri said:
same here stuck on the 5th flag
I just got it. I actually had it, but I didnāt check my exfiltration data thoroughly. Itās in a table, a table with, āsensitiveā data.
I dig this fortress! Had A LOT of phun so far. I always say Iām more of a *nix person, but somehow Iām getting the job done here. Just takes me 3 times longer because of the documentation I gotta read.
hm, thatās wierd. Iāve done SQLi part and get creds but itās useless to the all of 3 connections ports (except site admin panel)
is it my fault or thatās the point?
upd. solved. thanks
Stuck on the third flag. Got creds for outlook. But canāt do anything from there. Any hints?
is there supposed to be a third flag once we gain access to the mail service?
eeh nvm got it
Iāve been stuck on the 4th flag for weeks nowā¦ playing with some cookies, but still generally lost. Anyone able to offer a nudge?
Anyone able to give a nudge on the 3rd flag? I have the web login info and got to check my mail. I notice a certain someone likes not checking URLs, but not sure how I can leverage it to my advantage. I tried ārespondingā to his requests, but nothing of value come in.
Any help appreciated!
Nvm solved. Pm if stuck
Im stuck on the third flag. Logged in. Searched everywhere for everything. Empty, empty, empty and totally empyā¦ Is the box ready for a reset?? Perhaps someone was triggerhappy on the delete button??? Or am I on the wrong path here?
edit: Clicked everywhereā¦ but thereā¦ got it now.
Type your comment> @f1rstr3am said:
Im stuck on the third flag. Logged in. Searched everywhere for everything. Empty, empty, empty and totally empyā¦ Is the box ready for a reset?? Perhaps someone was triggerhappy on the delete button??? Or am I on the wrong path here?
No. Itās there, but the way into the place where you can find it might be not so obvious but once you have it: facepalm.
Thatās a very typical Microsoft guiā¦ ?