Official Worker Discussion

I just turned off burp

Ok, got the user! Lost 3 hours. If it can help some, for me, that was a userAgent Switcher extension in Firefox causing the issue!

Got root! Thx @ekenas. Fun box. Some new stuff for me. It would have been pretty straightforward not having my auth issue.

Spoiler Removed

■■■■ d*****.***. is slow…

Hi all, I can see that some of you have grown a few new gray hairs while waiting for responses on worker. Sorry for that, but at the same time big congrats to all of you that pushed through!

If you find creds lying around and want to try them out, make sure you only supply the base URL. In case you provide a path in the URL, your login attempt might get rejected.

@idomino said:

■■■■ d*****.***. is slow…

Exactly, literally no response. How to improve that? Should I switch to US server?
Nvm, kinda works now.

Any hints for RCE after getting initial creds?

Done. Nice box. Box does not contain any CTF or “guessing” parts. Kudos to @ekenas for this.

I found something which looked like a username: ajo and @ajn. Are these the creds everyone is talking about? Found this inside the RE.txt file. These don’t seem to work for me, any hints?

Could use a small nudge, got the copy, not seeing a user other than what’s in the db. Also as for the pw file… guessing that’s just pure fuzz?

@gs4l said:

I found something which looked like a username: ajo and @ajn. Are these the creds everyone is talking about? Found this inside the RE.txt file. These don’t seem to work for me, any hints?

A credential is a username and password combination. If people have found creds, it means they have both username and password. The usernames that you have found are not related to the box itself, they are those of the creator(s) of the website template.

Already got access to d*****.w*****.h** but I can’t get past there, the page is so slow. How can I improve that?

@N0xi0us said:
Already got access to d*****.w*****.h** but I can’t get past there, the page is so slow. How can I improve that?

If you check the Discord you’ll see everyone is having that problem. Doesn’t appear to be a way to fix it at this point.

If someone could please give me a nudge on how to move further from d*****.w*****.h**. Can’t find any method to exploit.

Okay. So I managed to find the cleartext user and pass. I was able to authenticate to the URL. d*****.***.
For those at this step or past this step, can someone PM some useful training for pentesting this kind of site? I’m not familiar with this one, and my Google searches are not yielding the best or much results.
I’m just looking for some things to begin learning about pentesting these types of backends and where to begin for this one. I know there was a book specifically for this one too, I just don’t have that one X_X

@sparkla said:

Can someone help me on the svn part? Can’t find anything there, msf doesn’t work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

Found all subdomains with the websites…

From what I was messing around with, look up the commands for svn. It works a little bit like git, and git repositories.

Okay, so trying to change to dark mode was my worst mistake. It’s so SLOW.

@sparkla said:

Can someone help me on the svn part? Can’t find anything there, msf doesn’t work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

Found all subdomains with the websites…

Read the svn help for the commands you want to run.

Got a shell but just can’t get user, now just mindlessly searching through c:\users… a nudge would be appreciated. :)

@sparkla said:

I tried that but there should be a .s** dir and it complains there isn’t. So you used that just regularly on the domain?

Instructions unclear, built shelfs instead.

PM me if you want a nudge.