Official Worker Discussion

1246789

Comments

  • edited August 17

    Type your comment> @falsepromise said:

    Type your comment> @rholas said:

    I found creds for de....s.......htb page, but I get only an empty page.
    This is a rabbit hole?

    you can use de***.****.htb in next steps

    Yes but this is only a white empty page
    Can you confirm d........htb page working after add user/pass?

  • Az*** CD/CI is broken beyond repair. Someone helped me how to do it, I tried for an hour again and again, I can't merge and the plattform got more weird with each try. Has this been coded by Microsoft or what?

    SCNR :D

    Hack The Box

  • edited August 17

    ROOTED!!!!! Finally

    Thank you @Demethius for all nudges

    @ekenas The box was good, slow though. And I really felt the
    ndasecureidontknowthisisgettingrediculousiagreetosomepointisthisenoughdummyuserscanyouseewhichonesare

    offs3cg33k

  • Rooted here. Had to close firefox or clear web cache to continue forward. It's a fun box though.

  • Spoiler Removed

  • Rooted! Nice box to fool around with a new dev tool. Box a bit slow when I was the only person on it so maybe VM spec isnt high enough once you get into the tool.

    Plenty of good hints in this thread apart from root. My hint for that is to evaluate the difference between the users you have.

    alt text

  • I found the user.txt through r****** but when i am trying to submit it as the user flag, it's showing incorrect flag.
    am i on the right track?

  • Is it taking everyone else 30+ seconds to move around in this webapp?

    ori0nx3

  • edited August 17

    Spoiler Removed

  • @0xph4r40h said:
    I found the user.txt through r****** but when i am trying to submit it as the user flag, it's showing incorrect flag.
    am i on the right track?

    maybe it's because of "dynamic flag rotation" thing that everyone talks about. Try resetting box, if it doesn't work, submit a ticket.

  • Rooted the machine (: User was a bit tricky at start. Root was easy then the user. The box doesn't gives the best responses though. Pm for nudges ;)

  • @ori0nx3 said:
    Is it taking everyone else 30+ seconds to move around in this webapp?

    apparently it's very slow in free servers. workaround for me was changing server location and sticking with fastest one.

  • Type your comment> @m1r3x said:

    apparently it's very slow in free servers. workaround for me was changing server location and sticking with fastest one.

    Thanks, I will try that. The automatic cleanup is removing everything before I can complete the process...

    ori0nx3

  • Type your comment> @ori0nx3 said:
    > Type your comment> @m1r3x said:
    >
    > (Quote)
    > Thanks, I will try that. The automatic cleanup is removing everything before I can complete the process...

    I can feel the pain
  • Type your comment> @m1r3x said:

    I can feel the pain

    Haha, switching servers made a night and day difference. Super fast now. Thank you 👍

    ori0nx3

  • Type your comment> @rholas said:

    Type your comment> @falsepromise said:

    Type your comment> @rholas said:

    I found creds for de....s.......htb page, but I get only an empty page.
    This is a rabbit hole?

    you can use de***.****.htb in next steps

    Yes but this is only a white empty page
    Can you confirm d........htb page working after add user/pass?

    yes will be work if you enter the currect cred
    maybe its cuz of server that show you empty page

  • Nice box, rooted today.
    As a software developer myself, I liked this box.
    Performance of the box was not very good. pm for hints :wink: .

  • Rooted. Very interesting box, everything would be better and smother if it was normally operating rather than like old dial-up connection. PM for hints.

  • edited August 21

    Nothing to see here.

  • rooted
    very interesting box good learning
    just unstable in sometimes idk why?
    and who are reseting the box that much without any reset you get it just focus
    good luck

  • Is there a problem with the box? nmap scan only gives me 2 ports open. but from inside the box I can see that it listening on a few more on 0.0.0.0. Feels Like I need atleast one of them to escalate to user?

  • Type your comment> @malm said:

    Is there a problem with the box? nmap scan only gives me 2 ports open. but from inside the box I can see that it listening on a few more on 0.0.0.0. Feels Like I need atleast one of them to escalate to user?

    There are more than two ports open... One of them may not show up if you only scan the top 1000.

    ori0nx3

  • Type your comment> @ori0nx3 said:
    > Type your comment> @m1r3x said:
    >
    > (Quote)
    > Haha, switching servers made a night and day difference. Super fast now. Thank you 👍

    You are welcome
  • Guys and gals, it is super easy to hide away your own files on a Windows box. Please don't leave files lying around in very visible places...

    ori0nx3

  • Type your comment> @ori0nx3 said:

    Type your comment> @malm said:

    Is there a problem with the box? nmap scan only gives me 2 ports open. but from inside the box I can see that it listening on a few more on 0.0.0.0. Feels Like I need atleast one of them to escalate to user?

    There are more than two ports open... One of them may not show up if you only scan the top 1000.

    have done -p- scan multiple times, might have to wait until there is less people on this box..

  • Type your comment> @malm said:

    have done -p- scan multiple times, might have to wait until there is less people on this box..

    You could try switching servers?

    ori0nx3

  • edited August 18

    Rooted just now: Very interesting machine and learned a bunch of stuff.

    My hints!
    For User: There may be more than 1 tray.
    For Root: Comeback to Initial foothold with new things. ;)

    Hit me for cryptic nudges.

    @ekenas Thanks for the wonderful machine. But I don't know why the web page was slow as dead.

    A Chemist doing Penetration Testing - Check the Story here: BinaryBiceps

  • I don't understand. What am I doing wrong?
    Some guys said that the creds is used in plain text.
    I tried it over and over again, without proxy, even used
    curl -v "http://d.w.h" --ntlm -u d.w.h/user:pass --noproxy "*".
    For now, still no luck.

  • Rooted, nice box, learn a lot. But the perfomence was ........................ LOADING ......................................... not so nice

    Hack The Box

  • Rooted. Not so hard. Pretty straightforward box :)

    jkana101
    OSCP | Sec+ | MCSE | VCP | CCNA

Sign In to comment.