A new fortress has been released. Started poking around, looks interesting.
Ah looks quite troublesome, or I am just realizing I still have so much space to grow !
any hints to begin with ?
Looking deeply helps a lot
stuck on SQLi
Lemme try & be nice…
- view-source:???
- SQLi
- Log in, Click around
I was going to ask for some help, but I didn’t realize this was a totally new Fortress. I guess I should just “try harder”. But dammit, if I try any harder I’ll probably break my keyboard! sigh j/k
Type your comment> @Zot said:
Lemme try & be nice…
- view-source:???
- SQLi
- Log in, Click around
I was going to ask for some help, but I didn’t realize this was a totally new Fortress. I guess I should just “try harder”. But dammit, if I try any harder I’ll probably break my keyboard! sigh j/k
Stuck on SQLi as well…
The SQLi part was very slow…require a lot of patience
can anyone vote 1 reset now they are 4 .
I am stuck at the sqli because it worked yesterday a bit and now it is not
Type your comment> @MariaB said:
can anyone vote 1 reset now they are 4 .
I am stuck at the sqli because it worked yesterday a bit and now it is not
Yeah, the same, I was stuck because the Fortress needed a reset…
It worked this afternoon for a while, it really takes ages to complete…
Voted +1 for reset
Heyyyo, been stuck on 4-th Flag,
r*l*r seems not to work
got dbcreds, but cant figure out what i have to do with that.
Any hints please?
@Looking4 me too .This machine doesnt make much sense .especially the sqli took me ages .
I am also stuck finding the 4 th flag .I will PM you
Stuck on the 3rd flag… Any hints please?
Spoiler Removed
@jkana101
Any reversing required at step4?
Nope, i wouldn’t call it that
.
Step 4 has shown me some things, I’ve tried EVERYTHING on this page: Attacking MS Exchange Web Interfaces – PT SWARM
I also tried looking up the Exchange “CANARY” attack, but, I don’t know how, & couldn’t find a good example. Though the clue (it’s a bird, it’s a plane) was like, you know, canary, a bird. Think that one is too old anyways, sigh maybe i should be thinking super, but, that’s pretty broad. I got db creds too, weren’t good for much, just learning more about the setup. There was a hidden db making for 5 different databases.
I can now safely, & honestly say, that Step 4 has NOTHING to do with Exc****e
Got some zip files but dont know what to do with it