[JET] Fortress

Tutorials Other
,
1

Hi there,

after enumerating this fortress i noticed the two ports which is just like on Pwn Challenges. however, it doesnt have any file given on this Fortress Machine. can anybody there give me some hint/tips/clue that might be helpful to continue just want some ideas to kick off.

Feel free to PM me here and mattermost (same username)

2

I’ve Pm’d you, if anyone could give me a push in the right direction on the method to bypass authentication I’d be stoked. Been stuck on this one for a bit.

3

anyone who has command able to PM me wondering if im on the right track

4

@Vipertooth said:
anyone who has command able to PM me wondering if im on the right track

Shoot me a message and I’ll try to steer you without spoilers

5

please can I have a hint of where to find the files, I tried alot of stuff so I think I must be missing something.

6

im stuck at elasticity, i know why it’s called elasticity, but cant get flag.

7

could someone confirm which port is right and if it has been patched or no ?

8

Anyone get anywhere with elasticity? stuck and need a idea.

9

how come fortress is so underrated in forums?

10

I do enjoy the hints in the progress page.

11

Can someone pls give me a nudge on elasticity? I only managed to find two parameters that give me some queries back but then i am stuck. Tried the obvious exploit with all kind of different methods but no luck :confused:

12

I am dying on this fortress, if anyone has a spare moment love to pick le brain. I am the same name on mattermost

13

Can anyone confirm if the Command part still in the web part ? or have any hint ? i’m stucked in this part for days :frowning:

14

it might help if you inspect the traffic you’re sending to any of the services
@cdoisponto

15

anyone able to PM me on the overflown flag, struggling to find the application to overflow? if thats it at all aha

16

@badman89 said:
anyone able to PM me on the overflown flag, struggling to find the application to overflow? if thats it at all aha

I’m at t that point too! I think that is the leak file…but I’m not sure

17

@egre55 said:
it might help if you inspect the traffic you’re sending to any of the services
@cdoisponto

Yes, done! thanks … hahaha I did not know this vuln.

18

should everything be done in this order?

Digging in…
Going Deeper
Bypassing Authentication
Command
Overflown
Secret Message
Elasticity
Member Manager
More Secrets
Memo

found some things, dont know which order should i dig in

19

@m0nek said:
should everything be done in this order?

Digging in…
Going Deeper
Bypassing Authentication
Command
Overflown
Secret Message
Elasticity
Member Manager
More Secrets
Memo

found some things, dont know which order should i dig in

For the initial flags (Connect to Command) the order is important and is an obligatory path.

But for the other challenges the order is not strict

20

Thanks, what i cant understand is why i can see overflow tasks even if i havent passed starting from “Digging in” ? Or maybe i need a hint? thanks!