Official Worker Discussion

Already got access to d*****.w*****.h** but I can’t get past there, the page is so slow. How can I improve that ?

@N0xi0us said:
Already got access to d*****.w*****.h** but I can’t get past there, the page is so slow. How can I improve that ?

If you check the Discord you’ll see everyone is having that problem. Doesn’t appear to be a way to fix it at this point.

if someone could please give me a nudge on how to move further from d*****.w*****.h** . Can’t find any method to exploit

Okay. So I managed to find the cleartext user and pass. I was able to authenticate to the URL. d*****.***.
For those at this step or past this step, can someone PM some useful training for pentesting this kind of site. I’m not familiar with this one, and my google searches are not yielding the best or much results.
I’m just looking for some things to begin learning about pentesting these types of backends and where to begin for this one. I know there was a book specifically for this one too, I just don’t have that one X_X

Type your comment> @sparkla said:

Can someone help me on the svn part? Can’t find anything there, msf doesn’t work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

Found all subdomains with the websites…

From what I was messing around with, look up the commands for svn. It works a little bit like git, and git repositories.

okay so trying to change to dark mode was my worst mistake. its so SLOW

Type your comment> @sparkla said:

Can someone help me on the svn part? Can’t find anything there, msf doesn’t work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

Found all subdomains with the websites…

Read the svn help for the commands you want to run

Got a shell but just can’t get user, now just mindlessly searching through c:\users… a nudge would be appreciated. :slight_smile:

Type your comment> @sparkla said:

I tried that but there should be a .s** dir and it complaints there isn’t. So you used that just regularly on the domain?

Instructions unclear, built shelfs instead.

PM me if you want a nudge

If you can not auth with the credit, you may try to kill all your proxy software, including ShadowSockesR and burpsuite and try it again. Credit should be plain.

I really hope theres nothing to do on the de******** vhost since its impossible to reach it.

edit : nevermind :slight_smile: the page finally loaded lol

Rooted after fighting with the web page for a bit. Feel free to PM for hints.

Could someone give me a slight nudge ? I have found a lot of information including the de******* I just haven’t found anything in the way of users yet.

Type your comment> @sparkla said:

Can someone help me on the svn part? Can’t find anything there, msf doesn’t work, 3 different exploits and svn enum scripts do nothing, gobusted my a** off.

Found all subdomains with the websites…

I was having the same issue. I pulled up SVN command manual and just worked my way down the commands. Eventually, there is a command that gives you a lot more information. You combine a few of them and you will see right away what you are looking for.

Cool box, but with some serious performance issues. I don’t even want to know how bad it is on non-VIP. For anyone having a go, I’d seriously recommend spending some time on the API documentation.

Type your comment> @psychocircus said:

Could someone give me a slight nudge ? I have found a lot of information including the de******* I just haven’t found anything in the way of users yet.

Hopefully this isn’t too much of a spoiler, but think more about how the service you got the website information from works. Just because a file doesn’t currently exist on it doesn’t mean it didn’t at some point in the past.

I have been getting a 503 error when trying to connect to s******.w*****.***. Is this intentional or am I missing something here? Pinging the same url works fine.

could use a bump on the priv from shell to 1st user please.
Bumping around for hours now :disappointed:

uploaded my shell , but no able to find the location where to query it in my browser. Anybody can pm me please?

Type your comment> @LegendHacker said:

uploaded my shell , but no able to find the location where to query it in my browser. Anybody can pm me please?

Check the repository’s name where the file is uploaded…