Official Worker Discussion

There may be more than one way to root Worker and at least one requires hacking/exploitation skills :wink:

Rooted. This was really fun and taught me new things. Thanks to @Andres7ll for nudges that helped me get user because I was overcomplicating things. After that, root was a breeze. Way easier than I expected!

PM me if you need nudges or hints. I will not give you any straight answers though. I will simply point you in the right direction and help you learn as I did. :smile:

Well, I’m probably sleep deprived and over complicating this - but Id welcome a nudge on what to do with the tool once you login. I know its probably something to do with the | feature, and I assume a markup language of some sort but beyond that… Lost.

@melodicminor said:
Well, I’m probably sleep deprived and over complicating this - but Id welcome a nudge on what to do with the tool once you login. I know its probably something to do with the | feature, and I assume a markup language of some sort but beyond that… Lost.

maybe you can get the “tool” to build you something …

“something” that opens the door and allows you to execute commands based on the backend technology…

Might be too cryptic…

@acidbat not too cryptic I’m just in a funk - I’ll come back to it in a few hours and see if I can wrap my head around it - thanks for the assist!

I’m on that path. I think I can plumb together what I need eventually, probably just need to RTFM a little closer.

@melodicminor no worries mate.
:smiley:

hi guys looking for help, having the following error with a certain tool

info: Establishing connection to remote endpoint

Error: An error of type HTTPClient::ReceiveTimeoutError happened, message is execution expired

Error: Exiting with code 1

This was a really cool box and I definitely learned some new tricks. Thank you @ekenas this was well done!

DM for nudges.

i just cant get the creds out using s*n !!!1
a little assist please

@in3vitab13 said:

i just cant get the creds out using s*n !!!1
a little assist please

Revisions matter.

Type your comment> @TazWake said:

@in3vitab13 said:

i just cant get the creds out using s*n !!!1
a little assist please

Revisions matter.

you never fail to show me the way!
thanx my man!

ohkay this is my first windows machine, and i have no clue whatsoever
so what should i study or where should i need to look for reverse shell here?!!
a little push needed guyzz

@in3vitab13 said:

ohkay this is my first windows machine, and i have no clue whatsoever
so what should i study or where should i need to look for reverse shell here?!!
a little push needed guyzz

I wouldn’t think of this as a “windows” machine. Your attack is based on the technology stack in use and the box name is a bit of a clue. Once you log in, look for ways you can use the technology to run commands on your behalf.

Type your comment> @TazWake said:

@in3vitab13 said:

ohkay this is my first windows machine, and i have no clue whatsoever
so what should i study or where should i need to look for reverse shell here?!!
a little push needed guyzz

I wouldn’t think of this as a “windows” machine. Your attack is based on the technology stack in use and the box name is a bit of a clue. Once you log in, look for ways you can use the technology to run commands on your behalf.

ohkay m on it!!
need a little research from my side…will do it!1

Type your comment> @ins3cure said:

I would really like to kill the r******r before he kills me :joy:

Uf… finally got the user!

Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.

No joke on the r******r bit! Looking for any nudge in how to get around that particular hurdle. I am able to do just about everything else I need to get this thing knocked out.

Type your comment> @beehammer said:

Type your comment> @ins3cure said:

(Quote)
No joke on the r******r bit! Looking for any nudge in how to get around that particular hurdle. I am able to do just about everything else I need to get this thing knocked out.

The r******r bit is just a necessary step to do machine cleanup. You have quite a big window to do your stuff before it kicks in. Time it well and you shall succeed :slight_smile:

Type your comment> @ekenas said:

Type your comment> @beehammer said:

Type your comment> @ins3cure said:

(Quote)
No joke on the r******r bit! Looking for any nudge in how to get around that particular hurdle. I am able to do just about everything else I need to get this thing knocked out.

The r******r bit is just a necessary step to do machine cleanup. You have quite a big window to do your stuff before it kicks in. Time it well and you shall succeed :slight_smile:

I can imagine that but it seemed to be running every 30s or so. I would upload the thing and before I could navigate to it, R would have run and it would be cleared out.

The window is 10 minutes

Type your comment> @ekenas said:

The window is 10 minutes

Not sure what was going on but after somebody reset the machine, it acted normal and I was able to complete user and root flags last night. Fun box with some unexpected direction. I did not see s********n and A**** D****s coming in the same system!

Finally Owned!!! This was a nice experience and exposure to new tech… Tnx @ekenas for the box. :smile: