Fortress Synacktiv - Discussion
I saw that there is no thread to discuss Synacktiv fortress so here it is.

I’m stuck at SpongeBob Neighbour. I have access to the new network via VPN but can’t make Squid work on .43.1:3128. Hints are appreciated, thanks.
Reply
(July 6, 2022, 10:03 AM)mrfart Wrote: I saw that there is no thread to discuss Synacktiv fortress so here it is.

I’m stuck at SpongeBob Neighbour. I have access to the new network via VPN but can’t make Squid work on .43.1:3128. Hints are appreciated, thanks.


Hi, could you share the first 3 steps that you've completed with us (not the flags) so we'll be able to try the next step with you!
Reply
(July 6, 2022, 03:54 PM)fironeDerbert Wrote:
(July 6, 2022, 10:03 AM)mrfart Wrote: I saw that there is no thread to discuss Synacktiv fortress so here it is.

I’m stuck at SpongeBob Neighbour. I have access to the new network via VPN but can’t make Squid work on .43.1:3128. Hints are appreciated, thanks.


Hi, could you share the first 3 steps that you've completed with us (not the flags) so we'll be able to try the next step with you!


It is a lot of steps. Where are you stuck?
Reply
(July 6, 2022, 11:36 PM)mrfart Wrote:
(July 6, 2022, 03:54 PM)fironeDerbert Wrote:
(July 6, 2022, 10:03 AM)mrfart Wrote: I saw that there is no thread to discuss Synacktiv fortress so here it is.

I’m stuck at SpongeBob Neighbour. I have access to the new network via VPN but can’t make Squid work on .43.1:3128. Hints are appreciated, thanks.


Hi, could you share the first 3 steps that you've completed with us (not the flags) so we'll be able to try the next step with you!


It is a lot of steps. Where are you stuck?

I'm stuck on the first step. I found the dev subdomain and I discovered that the cookie is linked to the other website but not the login form.
Reply
(July 7, 2022, 09:14 AM)fironeDerbert Wrote:
(July 6, 2022, 11:36 PM)mrfart Wrote:
(July 6, 2022, 03:54 PM)fironeDerbert Wrote:
(July 6, 2022, 10:03 AM)mrfart Wrote: I saw that there is no thread to discuss Synacktiv fortress so here it is.

I’m stuck at SpongeBob Neighbour. I have access to the new network via VPN but can’t make Squid work on .43.1:3128. Hints are appreciated, thanks.


Hi, could you share the first 3 steps that you've completed with us (not the flags) so we'll be able to try the next step with you!


It is a lot of steps. Where are you stuck?

I'm stuck on the first step. I found the dev subdomain and I discovered that the cookie is linked to the other website but not the login form.


You can use the synacktiv - EOS tool to dump the source code of the dev website, look for it on GitHub.
Reply
Hi,

I've got the source code and managed to log in with the admin user in both domains, but I'm stuck. I've been playing around with the upload functionality and also with the profiler tool without success. Any hint?

Thanks!!!
Reply
Hi,

I was able to solve flags 1 and 2 but I'm stuck on flag 3, trying to reverse the encryption algorithm. Can anybody help with that?
Reply
(July 8, 2022, 10:52 PM)mrfart Wrote:
(July 7, 2022, 09:14 AM)fironeDerbert Wrote:
(July 6, 2022, 11:36 PM)mrfart Wrote:
(July 6, 2022, 03:54 PM)fironeDerbert Wrote:
(July 6, 2022, 10:03 AM)mrfart Wrote: I saw that there is no thread to discuss Synacktiv fortress so here it is.

I’m stuck at SpongeBob Neighbour. I have access to the new network via VPN but can’t make Squid work on .43.1:3128. Hints are appreciated, thanks.


Hi, could you share the first 3 steps that you've completed with us (not the flags) so we'll be able to try the next step with you!


It is a lot of steps. Where are you stuck?

I'm stuck on the first step. I found the dev subdomain and I discovered that the cookie is linked to the other website but not the login form.


You can use the synacktiv - EOS tool to dump the source code of the dev website, look for it on GitHub.


Where did you find the password hash to generate cookies?
Reply
(July 18, 2022, 02:55 PM)p01terge1st Wrote:
(July 8, 2022, 10:52 PM)mrfart Wrote:
(July 7, 2022, 09:14 AM)fironeDerbert Wrote:
(July 6, 2022, 11:36 PM)mrfart Wrote:
(July 6, 2022, 03:54 PM)fironeDerbert Wrote: Hi, could you share the first 3 steps that you've completed with us (not the flags) so we'll be able to try the next step with you!


It is a lot of steps. Where are you stuck?

I'm stuck on the first step. I found the dev subdomain and I discovered that the cookie is linked to the other website but not the login form.


You can use the synacktiv - EOS tool to dump the source code of the dev website, look for it on GitHub.


Where did you find the password hash to generate cookies?


I'm not sure what you mean by "password hash to generate cookies"... but you don't need to create any cookie.

If you look at the source code of the AdminController, you see that you need a certain username to access the restricted parts of the web. Reading IndexController, you can see that the login and register methods both use username, password and IP; you just have to find a way to create a user in the web that tricks the application into believing you are that user.

If you create the user in the development subdomain you can reuse the cookie in the main domain; I think that's what fironeDerbert means.
Reply
(July 16, 2022, 04:35 PM)orwell1984 Wrote: Hi,

I was able to solve flags 1 and 2 but I'm stuck on flag 3, trying to reverse the encryption algorithm. Can anybody help with that?


This was a pain. What I did was copy the code, modify it a little bit so it can print the key, and run it locally.
After reversing that, you will get a flag.
Using the flag as the key to unlock the mobile app will give you the password for the VPN access.
Reply