Official Worker Discussion

Found the username and password, but they are not working with de****.w***.h**

Type your comment> @D8ll0 said:

Found the username and password, but they are not working with de****.w***.h**

Remove Burp Proxy :slight_smile:

That worked actually, thanks

I got the same problem. Got the good creds, can login in svn, but not on that dev**** page. I even reset the box. How have you resolved your issue?

I just turned off burp

Ok , got the user! Lost 3 hours. If it can help some, for me, that was an userAgent Switcher extension in firefox causing the issue!

Got root! Thx @ekenas Fun box. Some new stuff for me. It would have been pretty straight forward not having my auth issue.

Spoiler Removed

■■■■ d*****.***. is slow…

Hi all, I can see that some of you have grown a few new gray hairs while waiting for responses on worker. Sorry for that, but at the same time big congrats to all of you that pushed through!

If you find creds laying around and want to try them out make sure you only supply the base URL. In case you provide a path in the URL your login attempt might get rejected.

Type your comment> @idomino said:

■■■■ d*****.***. is slow…

exactly, literally no response. how to improve that? should I switch to us server?
nvm kinda works now.

any hints for rce after getting initial creds?

Done. Nice box. Box does not contain any CTF or “guessing” parts. Kudos to @ekenas for this.

I found something which looked like a username: ajo and @ajn. Are these the creds everyone is talking about? Found this inside the RE.txt file. These doesn’t seem to work for me, any hints?

Could use a small nudge, got the copy, not seeing a user other than what’s in the db. Also as for the pw file… guessing that’s just pure fuzz?

Type your comment> @gs4l said:

I found something which looked like a username: ajo and @ajn. Are these the creds everyone is talking about? Found this inside the RE.txt file. These doesn’t seem to work for me, any hints?

credential is username password combination. if people have found creds, it means they have both username and password. The usernames that you have found are not related to box itself, they are of creater(s) of website template

Already got access to d*****.w*****.h** but I can’t get past there, the page is so slow. How can I improve that ?

@N0xi0us said:
Already got access to d*****.w*****.h** but I can’t get past there, the page is so slow. How can I improve that ?

If you check the Discord you’ll see everyone is having that problem. Doesn’t appear to be a way to fix it at this point.

if someone could please give me a nudge on how to move further from d*****.w*****.h** . Can’t find any method to exploit

Okay. So I managed to find the cleartext user and pass. I was able to authenticate to the URL. d*****.***.
For those at this step or past this step, can someone PM some useful training for pentesting this kind of site. I’m not familiar with this one, and my google searches are not yielding the best or much results.
I’m just looking for some things to begin learning about pentesting these types of backends and where to begin for this one. I know there was a book specifically for this one too, I just don’t have that one X_X

Type your comment> @sparkla said:

Can someone help me on the svn part? Can’t find anything there, msf doesn’t work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

Found all subdomains with the websites…

From what I was messing around with, look up the commands for svn. It works a little bit like git, and git repositories.