Official Flight Discussion

Official discussion thread for Flight. Please do not post any spoilers or big hints.

Good luck everyone :slight_smile:

1 Like

Rooted! Solid Windows box. Very doable if you have a good base of Windows knowledge available.


The box creator might have accidentally left some artifacts behind that somewhat served as a walkthough :sweat_smile:

Creator consistently bringing out bangers though. Trick and Absolute are both fantastic.

I recently get the password for user s.moon, but dont know what to do next, any hint ?


Got user flag :kissing_heart:

great box. rooted, definitely a head scratcher. very realistic as far as the ‘harvesting’ went but did not like reuse of the method to get a shell, i thought it would have to be something else. but great box overall, kudos to the maker

I loved this box. 5/5. I learned a bunch

Just rooted, very nice windows machine, it was my first time trying the attack for the initial foothold. However my windows knowledge is definitely not the best. Lesson learned :smiley:
For anyone stuck feel free to PM.

Any idea how to proceed once you have the user c.**m?

what is running locacly check error, check perm by using icacls

Any hints on initial foothold?

theres a very common web vuln that will allow you to use re*****er to get some creds and then some enum and spraying will get you in

Ok. That’s what I suspected. I’m not getting anything from re*****er though. hmm…

What behavior should I expect if someone also is using re*****er? Will there be a collision in network?

are you forget how to use smbclient ? do not also forget “/somthing_or_maybe_enything_or_test”

enum the web server you may found somthing great take advantage and think like a beginner by winning access

i had trouble with this too, make sure your syntax is right, use a guide like hacktricks, and make sure you understand what is happeneing ‘under the hood’ i.e how your request gets processed

Thanks for the tip. I’ve been working through lots of different things, including syntax changes etc. Nothing is giving me anything back which is why I’m confused. I’ve done this before in real life lol

machines can be hella buggy at times, try resetting it. if i remember correctly, that helped me