[JET] Fortress

dodo · August 14, 2018, 1:00pm

Maybe because the tasks that you see on enum phase are not the ‘overflown’ challenge…

w31rd0 · August 14, 2018, 1:32pm

i struggle to figure out what the going deeper means xD

m0nek · August 15, 2018, 8:19am

@dodo said:
Maybe because the tasks that you see on enum phase are not the ‘overflown’ challenge…

Got it, that is what i wanted to know.

@w31rd0 said:
i struggle to figure out what the going deeper means xD

i am wondering if digging is related with dig-ging ))

Rooted2u · September 5, 2018, 9:16pm

Hi, can anyone me nudge me in the right direction? I’m still in the two binaries… Please PM me

WillIWas · September 23, 2018, 3:47am

kinda got lost after first flag… Would love some help for initial foothold, PM

dodo · September 23, 2018, 12:06pm

dig or drill it!

raouf09 · September 25, 2018, 3:54pm

i got some flag but no digging in i got the flags after
i cant find the real web site
any hint

tzar19 · November 2, 2018, 4:28pm

Anyone Able to lend a pointer on the Command flag?

Skunkfoot · November 17, 2018, 2:51am

Feel free to PM me about Digging In or Going Deeper (although this one is pretty trivial tbh), haven’t gotten past that yet though.

evandrix · December 14, 2018, 7:30pm

@tzar19 said:
Anyone able to lend a pointer on the Command flag?

i would like to ask too … is it XSS?

billbrasky · December 14, 2018, 7:41pm

If you’re at the point where you are looking at a particular thing to exploit, look closely at how it is structured and you should be able to figure out how to attack it.

evandrix · December 14, 2018, 8:15pm

not sure if i am there yet

i’m looking at some dashboard, with almost all functionality disabled, except for that one

am i supposed to attack the framework? i.e. find a CVE, use msf etc.

billbrasky · December 14, 2018, 8:18pm

You’re on the right track with that one. I don’t wanna give away too much, but feel free to PM me if you get stuck.

evandrix · December 14, 2018, 8:24pm

yep ok, i’ll keep going down that rabbit hole first

Skunkfoot · December 14, 2018, 8:58pm

I’m in the same boat as you @evandrix. I figure the attack vector has to be related to that thing, since it’s basically the only thing there.

evandrix · December 15, 2018, 1:20am

yeah, they designed this box well

i think it is to do with the hidden thing?

the progress titles give some hint? Command…

Ryan412 · December 15, 2018, 10:42am

@evandrix said:

@tzar19 said:
Anyone able to lend a pointer on the Command flag?

i would like to ask too … is it XSS?

I hope this is not a spoiler: It is not XSS

============================

Can we actually get any of these flags:
Secret Message
Elasticity
Member Manager
Memo

without overflown? or is it necessary to get overflown before finishing them?

billbrasky · December 15, 2018, 5:38pm

It doesn’t appear to be necessary to get overflown first. I just got “More Secrets” without it.

Ryan412 · December 16, 2018, 9:33am

@billbrasky said:
It doesn’t appear to be necessary to get overflown first. I just got “More Secrets” without it.

I didn’t write “more secrets” in my initial comment for this reason I’m talking about the other flags

billbrasky · December 21, 2018, 6:52pm

Is anyone able to provide any nudges with Memo and Member Manager? I have the files in question but am scratching my head on how to approach these.