FARADAY Fotress Discussion

I have gotten the first 3 flags and gotten root in a container. Stuck with the 4th flag(25 point). I am not sure whether I should try to escape the container or try to attack other open ports. Not sure about the order that should be followed. Any help would be really appreciated.

I’m at the same point. I tried to escape the container unsuccessfully. Common techniques are not working.

I just started this fortress and I’ve got a 500 Internal Server Error when I try to create a user. Is it normal or the machine needs to be reset ? There’s 4 votes for a reset, anyone to demand a reset so it could be reseted ?


You dont have to escape the container. You shouod find some credentials and use then with another service.


It is normal. 500 error says that tge paylaad/request you are sending is not formatted properly (atleast thats what I underatood). Try finding what causes it to error out. If you need any hint, feel free to DM

After reset, I can signup then login. I couldn’t do that before. Thks Andres7ll

1 Like

Again, 500 response when I try to login. I’ve got the Warmup flag but now everything is down again. Anyone to vote for reset ?

1 Like

I searched everywhere on the filesystem in the container, no creds found. Am I missing something ?

so i got first flag but after that i am a bit clueless. tried many things and i see some filtering on one part. is that the way to go?

Hi there,
Service on port 8*** is not available. Only one vote needed to reset the box.

Could someone please DM me regarding the app listening on a port which is not the container? (don’t want to spoil this for others)
I got a shell from it at the first try, but then I wasn’t able to do it again, but now I can see someone else has a shell, I just don’t understand how this works. Maybe I run into someone else’s exploit?

there is a file that has what you need on the web dir

There is a common vulonarability that you have to exploit. If you want any hints dm me on discord kavigihan#8518

hello guys , has anyone managed the cra***e binary ?
I have a part of the flag , but I don’t know what’s the missing part of the binary is about.
From a first glance , I guess it’s missing 7 characters .
The problem is that when I see the assembly code , unless I’m mistaken somewhere , the two registers being compared at the final condition don’t depend on the input , but rather on a rip + offset address , pointing to an actual instructions and not data.
I could brute force it , but 7^62 combinations (low case + up case + digits + regular flag symbols) is pretty tough, more than 128 bits , and even if I guess what the last character is (same in every flag) , that still leaves me with 6^62 combinations.
What do you guys think ?

I just solved the crackme after a week . It’s simple af , and I feel like a moron .

1 Like

Nice one man … Am in the same boat as you were previously … got part of the flag but can’t put together the missing part … any nudge without spoilers?

I’ve got two advices :

  1. use a decompiler that can provide you with pseudo code instead of assembly . with assembly , it may be a bit difficult to see what the code is doing . I suggest using ghidra.

  2. no brute force is required , only one value , that can fulfill a certain inequality , and that you will use to backtrack the algorithm the other way around.
    think rule of 3 maybe :wink:


Thanks !

I got stuck after the first flag! any hints would be appreciated