Official Worker Discussion


Comments

  • Could use a small nudge, got the copy, not seeing a user other than what's in the db. Also as for the pw file... guessing that's just pure fuzz?

  • @gs4l said:

    I found something which looked like a username: aj******o and @aj**n. Are these the creds everyone is talking about? Found this inside the R****E.txt file. These don't seem to work for me, any hints?

    A credential is a username and password combination. If people have found creds, it means they have both username and password. The usernames that you have found are not related to the box itself; they are those of the creator(s) of the website template.

  • Already got access to d*****.w*****.h** but I can't get past there, the page is so slow. How can I improve that?

    Check for writeups -> https://noxious.tech

  • @N0xi0us said:
    Already got access to d*****.w*****.h** but I can't get past there, the page is so slow. How can I improve that?

    If you check the Discord you'll see everyone is having that problem. Doesn't appear to be a way to fix it at this point.

    Demethius

  • If someone could please give me a nudge on how to move further from d*****.w*****.h**. Can't find any method to exploit.

    offs3cg33k

  • Okay. So I managed to find the cleartext user and pass. I was able to authenticate to the URL. d*****.******.***
    For those at this step or past this step, can someone PM some useful training for pentesting this kind of site? I'm not familiar with this one, and my Google searches are not yielding the best or much results.
    I'm just looking for some things to begin learning about pentesting these types of backends and where to begin for this one. I know there was a book specifically for this one too, I just don't have that one X_X

  • Can someone help me on the svn part? Can't find anything there, msf doesn't work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

    Found all subdomains with the websites..

    Hack The Box

  • @sparkla said:

    Can someone help me on the svn part? Can't find anything there, msf doesn't work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

    Found all subdomains with the websites..

    From what I was messing around with, look up the commands for svn. It works a little bit like git, and git repositories.

  • Okay, so trying to change to dark mode was my worst mistake. It's so SLOW.

  • @sparkla said:

    Can someone help me on the svn part? Can't find anything there, msf doesn't work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

    Found all subdomains with the websites..

    Read the svn help for the commands you want to run

    Demethius

  • edited August 16

    I tried that but there should be a .s** dir and it complains there isn't. So you used that just regularly on the domain?

    Instructions unclear, built shelves instead.

    EDIT: No, actually it complains either that http/webdav is not supported or that "it" is not a working copy.

    Hack The Box

  • Got a shell but just can't get user, now just mindlessly searching through c:\users... a nudge would be appreciated. :)

  • @sparkla said:

    I tried that but there should be a .s** dir and it complains there isn't. So you used that just regularly on the domain?

    Instructions unclear, built shelves instead.

    PM me if you want a nudge

    Demethius

  • If you cannot auth with the credit, you may try to kill all your proxy software, including ShadowsocksR and Burp Suite, and try it again. Credit should be plain.

  • edited August 16

    I really hope there's nothing to do on the de******** vhost since it's impossible to reach it.

    Edit: never mind :) The page finally loaded lol

  • Rooted after fighting with the web page for a bit. Feel free to PM for hints.

    Hack The Box

  • Could someone give me a slight nudge? I have found a lot of information including the de******* I just haven't found anything in the way of users yet.

  • @sparkla said:

    Can someone help me on the svn part? Can't find anything there, msf doesn't work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

    Found all subdomains with the websites..

    I was having the same issue. I pulled up the SVN command manual and just worked my way down the commands. Eventually, there is a command that gives you a lot more information. You combine a few of them and you will see right away what you are looking for.

  • Cool box, but with some serious performance issues. I don't even want to know how bad it is on non-VIP. For anyone having a go, I'd seriously recommend spending some time on the API documentation.

    clubby789

    • GCIH
      If you need help with something, PM me how far you've got already, what you've tried etc (I won't respond to profile comments, or on box release night). And remember to +respect me if I helped you ; )
  • @psychocircus said:
    > Could someone give me a slight nudge? I have found a lot of information including the de******* I just haven't found anything in the way of users yet.

    Hopefully this isn't too much of a spoiler, but think more about how the service you got the website information from works. Just because a file doesn't currently exist on it doesn't mean it didn't at some point in the past.

    Hack The Box
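The point made in the reply above, that a version-control server keeps a file after it is deleted from the current revision, seen from the repository owner's side. This is an added example, not part of the thread: it parses `svn log -v --xml` output and lists paths that are gone from HEAD but still stored in earlier revisions. The sample log, paths and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout printed by `svn log -v --xml`.
SAMPLE_LOG = """<log>
<logentry revision="4"><author>dev</author>
<paths><path action="A" kind="file">/trunk/notes.txt</path></paths>
<msg>restore notes</msg></logentry>
<logentry revision="3"><author>dev</author>
<paths><path action="D" kind="file">/trunk/deploy.conf</path>
<path action="M" kind="file">/trunk/index.html</path></paths>
<msg>remove config from repo</msg></logentry>
<logentry revision="2"><author>dev</author>
<paths><path action="A" kind="file">/trunk/deploy.conf</path>
<path action="D" kind="file">/trunk/notes.txt</path></paths>
<msg>add deployment config</msg></logentry>
<logentry revision="1"><author>dev</author>
<paths><path action="A" kind="file">/trunk/index.html</path>
<path action="A" kind="file">/trunk/notes.txt</path></paths>
<msg>initial import</msg></logentry>
</log>"""


def removed_paths(log_xml):
    """Map each path absent at HEAD to (last revision holding it, deleting revision)."""
    root = ET.fromstring(log_xml)
    # svn prints newest first; replay oldest first to track each path's state.
    entries = sorted(root.iter("logentry"), key=lambda e: int(e.get("revision")))
    removed = {}
    for entry in entries:
        rev = int(entry.get("revision"))
        for node in entry.iter("path"):
            action, path = node.get("action"), node.text
            if action == "D":
                # Deleted here, so the content is still stored at rev - 1.
                removed[path] = (rev - 1, rev)
            elif action in ("A", "R"):
                # Added or replaced: the path exists again from this revision.
                removed.pop(path, None)
    return removed


if __name__ == "__main__":
    for path, (last, deleted) in sorted(removed_paths(SAMPLE_LOG).items()):
        print(f"{path}: deleted in r{deleted}, still readable at r{last}")
```

A secret that shows up in such a path needs rotating, because the later delete commit leaves the earlier revision intact on the server.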

  • I have been getting a 503 error when trying to connect to s******.w*****.***. Is this intentional or am I missing something here? Pinging the same url works fine.

    Hack The Box

  • Could use a bump on the priv from shell to 1st user please.
    Bumping around for hours now :disappointed:

  • edited August 16

    Uploaded my shell, but not able to find the location where to query it in my browser. Can anybody PM me please?

  • @LegendHacker said:

    Uploaded my shell, but not able to find the location where to query it in my browser. Can anybody PM me please?

    Check the repository's name where the file is uploaded...

    Fr0Ggi3sOnTour

  • @choupit0 said:
    > @LegendHacker said:
    >
    > (Quote)
    > Check the repository's name where the file is uploaded...

    Yeah I noticed that, but still nothing. What's going on?
  • If you are doing what I think you are doing, you are not uploading your shell to the right place. Did you see the note that they moved?

    4t0ys3d

  • Spoiler Removed

    Fr0Ggi3sOnTour

  • @PrivacyMonk3y said:

    Could use a bump on the priv from shell to 1st user please.
    Bumping around for hours now :disappointed:

    If you got a shell, you have the right user(s) now, just find a list of passwords...

    Fr0Ggi3sOnTour

  • Any alternatives to the super slow web UI?

  • @batemaster said:

    Any alternatives to the super slow web UI?

    -> VIP Servers ;)

    Fr0Ggi3sOnTour
