Official Flight Discussion

system · November 5, 2022, 3:00pm

Official discussion thread for Flight. Please do not post any spoilers or big hints.

RubikCuv5 · November 5, 2022, 6:59pm

Good luck everyone

JacobE · November 6, 2022, 12:55am

Rooted! Solid Windows box. Very doable if you have a good base of Windows knowledge available.

JacobE · November 6, 2022, 12:57am

The box creator might have accidentally left some artifacts behind that somewhat served as a walkthough

Creator consistently bringing out bangers though. Trick and Absolute are both fantastic.

el_indio · November 6, 2022, 1:51am

I recently get the password for user s.moon, but dont know what to do next, any hint ?

Thanks!!

suraj · November 6, 2022, 5:06pm

Got user flag

SAgnihotri · November 7, 2022, 3:15pm

great box. rooted, definitely a head scratcher. very realistic as far as the ‘harvesting’ went but did not like reuse of the method to get a shell, i thought it would have to be something else. but great box overall, kudos to the maker

XSSDoctor · November 8, 2022, 11:46am

I loved this box. 5/5. I learned a bunch

nullb1te · November 8, 2022, 7:22pm

Just rooted, very nice windows machine, it was my first time trying the attack for the initial foothold. However my windows knowledge is definitely not the best. Lesson learned
For anyone stuck feel free to PM.

petricor · November 14, 2022, 8:03pm

Any idea how to proceed once you have the user c.**m?

p4p4 · November 14, 2022, 8:48pm

what is running locacly check error, check perm by using icacls

NinjaRockstar · November 15, 2022, 7:46pm

Any hints on initial foothold?

SAgnihotri · November 17, 2022, 9:43am

theres a very common web vuln that will allow you to use re*****er to get some creds and then some enum and spraying will get you in

NinjaRockstar · November 17, 2022, 4:02pm

Ok. That’s what I suspected. I’m not getting anything from re*****er though. hmm…

m4rsh3ll · November 17, 2022, 4:30pm

What behavior should I expect if someone also is using re*****er? Will there be a collision in network?

p4p4 · November 17, 2022, 8:42pm

are you forget how to use smbclient ? do not also forget “/somthing_or_maybe_enything_or_test”

p4p4 · November 17, 2022, 8:48pm

enum the web server you may found somthing great take advantage and think like a beginner by winning access

SAgnihotri · November 18, 2022, 10:32am

i had trouble with this too, make sure your syntax is right, use a guide like hacktricks, and make sure you understand what is happeneing ‘under the hood’ i.e how your request gets processed

NinjaRockstar · November 18, 2022, 4:49pm

Thanks for the tip. I’ve been working through lots of different things, including syntax changes etc. Nothing is giving me anything back which is why I’m confused. I’ve done this before in real life lol

SAgnihotri · November 20, 2022, 5:05am

machines can be hella buggy at times, try resetting it. if i remember correctly, that helped me

Topic		Replies	Views
Official BroScience Discussion Machines	56	5527	May 1, 2023
Official Overflow Discussion Machines	15	1505	March 23, 2022
Official Resource Discussion Machines	156	4497	November 23, 2024
Official Derailed Discussion Machines	15	2811	July 7, 2023
Official Proper Discussion Machines	31	4343	August 19, 2021

Official Flight Discussion

Related topics