[FORTRESS] Context

Spoiler Removed

@jkana101
Any reversing required at step4?

Nope, i wouldnā€™t call it that

.

Step 4 has shown me some things, Iā€™ve tried EVERYTHING on this page: Attacking MS Exchange Web Interfaces ā€“ PT SWARM
I also tried looking up the Exchange ā€œCANARYā€ attack, but, I donā€™t know how, & couldnā€™t find a good example. Though the clue (itā€™s a bird, itā€™s a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh maybe i should be thinking super, but, thatā€™s pretty broad. I got db creds too, werenā€™t good for much, just learning more about the setup. There was a hidden db making for 5 different databases.

I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e :slight_smile:

Got some zip files but dont know what to do with it

Need some hints on 5th Flag, please.
So far iā€™ve got no clue.

EDIT: solved

same here stuck on the 5th flag :tired_face:

Type your comment> @sigeri said:

same here stuck on the 5th flag :tired_face:

I just got it. I actually had it, but I didnā€™t check my exfiltration data thoroughly. Itā€™s in a table, a table with, ā€œsensitiveā€ data.

I dig this fortress! Had A LOT of phun so far. I always say Iā€™m more of a *nix person, but somehow Iā€™m getting the job done here. Just takes me 3 times longer because of the documentation I gotta read.

hm, thatā€™s wierd. Iā€™ve done SQLi part and get creds but itā€™s useless to the all of 3 connections ports (except site admin panel)
is it my fault or thatā€™s the point?

upd. solved. thanks

Stuck on the third flag. Got creds for outlook. But canā€™t do anything from there. Any hints?

is there supposed to be a third flag once we gain access to the mail service?
eeh nvm got it

Iā€™ve been stuck on the 4th flag for weeks nowā€¦ playing with some cookies, but still generally lost. Anyone able to offer a nudge?

@pL4sTiC I am in the same situations if you are able to get some leads kindly help me.

Anyone able to give a nudge on the 3rd flag? I have the web login info and got to check my mail. I notice a certain someone likes not checking URLs, but not sure how I can leverage it to my advantage. I tried ā€˜respondingā€™ to his requests, but nothing of value come in.

Any help appreciated!

Nvm solved. Pm if stuck

Im stuck on the third flag. Logged in. Searched everywhere for everything. Empty, empty, empty and totally empyā€¦ Is the box ready for a reset?? Perhaps someone was triggerhappy on the delete button??? Or am I on the wrong path here?

edit: Clicked everywhereā€¦ but thereā€¦ got it now.

Type your comment> @f1rstr3am said:

Im stuck on the third flag. Logged in. Searched everywhere for everything. Empty, empty, empty and totally empyā€¦ Is the box ready for a reset?? Perhaps someone was triggerhappy on the delete button??? Or am I on the wrong path here?

No. Itā€™s there, but the way into the place where you can find it might be not so obvious but once you have it: facepalm.

Thatā€™s a very typical Microsoft guiā€¦ ?