Official Worker Discussion

Yeah, kinda ridiculous. I found a way to obtain some files, and also found a URL that requires creds. But I am not exactly sure where the creds are located, if they are in the files I obtained through a certain service. Any nudges for that piece? I think I have a database too but not sure if that is where I locate the creds. (Not sure what’s considered a spoiler or not, so please let me know if I am saying too much. Just PM me)

i found something interesting, started digging but im out of time. user blood gone. congrats it was fun.

got some files from s**s**** , two new hosts , a username , a login page and a database. Stuck here. I think there is a password somewhere but i’m not able to find anything.

are you guys using Kali’s built in wordlists? 'coz I’m not getting any luck there

Hey all. I would appreciate a nudge. I found the file. I got a password. Im able to add file, then commit, but cant find a way to use the file once on the web server! Always 404, file not found! Any hint on what im missing?

Type your comment> @gverre said:

Hey all. I would appreciate a nudge. I found the file. I got a password. Im able to add file, then commit, but cant find a way to use the file once on the web server! Always 404, file not found! Any hint on what im missing?

pr, merge, build

Type your comment> @gverre said:

Hey all. I would appreciate a nudge. I found the file. I got a password. Im able to add file, then commit, but cant find a way to use the file once on the web server! Always 404, file not found! Any hint on what im missing?

I am really struggling to find that file , found a lot of files through svn **** but can’t find any password. Any nudge?

@LegendHacker said:

@gverre said:
Hey all. I would appreciate a nudge. I found the file. I got a password. Im able to add file, then commit, but cant find a way to use the file once on the web server! Always 404, file not found! Any hint on what im missing?

I am really struggling to find that file , found a lot of files through svn **** but can’t find any password. Any nudge?

You should look at the man page of the command that you are using, a little parameter may do the trick :wink:

OK im gonna try, thank you so much!

Found the username and password, but they are not working with de****.w***.h**

Type your comment> @D8ll0 said:

Found the username and password, but they are not working with de****.w***.h**

Remove Burp Proxy :slight_smile:

That worked actually, thanks

I got the same problem. Got the good creds, can login in svn, but not on that dev**** page. I even reset the box. How have you resolved your issue?

I just turned off burp

Ok , got the user! Lost 3 hours. If it can help some, for me, that was an userAgent Switcher extension in firefox causing the issue!

Got root! Thx @ekenas Fun box. Some new stuff for me. It would have been pretty straight forward not having my auth issue.

Spoiler Removed

■■■■ d*****.***. is slow…

Hi all, I can see that some of you have grown a few new gray hairs while waiting for responses on worker. Sorry for that, but at the same time big congrats to all of you that pushed through!

If you find creds laying around and want to try them out make sure you only supply the base URL. In case you provide a path in the URL your login attempt might get rejected.

Type your comment> @idomino said:

■■■■ d*****.***. is slow…

exactly, literally no response. how to improve that? should I switch to us server?
nvm kinda works now.

any hints for rce after getting initial creds?