Official Worker Discussion

ohkay this is my first windows machine, and i have no clue whatsoever
so what should i study or where should i need to look for reverse shell here?!!
a little push needed guyzz

@in3vitab13 said:

ohkay this is my first windows machine, and i have no clue whatsoever
so what should i study or where should i need to look for reverse shell here?!!
a little push needed guyzz

I wouldn’t think of this as a “windows” machine. Your attack is based on the technology stack in use and the box name is a bit of a clue. Once you log in, look for ways you can use the technology to run commands on your behalf.

Type your comment> @TazWake said:

@in3vitab13 said:

ohkay this is my first windows machine, and i have no clue whatsoever
so what should i study or where should i need to look for reverse shell here?!!
a little push needed guyzz

I wouldn’t think of this as a “windows” machine. Your attack is based on the technology stack in use and the box name is a bit of a clue. Once you log in, look for ways you can use the technology to run commands on your behalf.

ohkay m on it!!
need a little research from my side…will do it!1

Type your comment> @ins3cure said:

I would really like to kill the r******r before he kills me :joy:

Uf… finally got the user!

Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.

No joke on the r******r bit! Looking for any nudge in how to get around that particular hurdle. I am able to do just about everything else I need to get this thing knocked out.

Type your comment> @beehammer said:

Type your comment> @ins3cure said:

(Quote)
No joke on the r******r bit! Looking for any nudge in how to get around that particular hurdle. I am able to do just about everything else I need to get this thing knocked out.

The r******r bit is just a necessary step to do machine cleanup. You have quite a big window to do your stuff before it kicks in. Time it well and you shall succeed :slight_smile:

Type your comment> @ekenas said:

Type your comment> @beehammer said:

Type your comment> @ins3cure said:

(Quote)
No joke on the r******r bit! Looking for any nudge in how to get around that particular hurdle. I am able to do just about everything else I need to get this thing knocked out.

The r******r bit is just a necessary step to do machine cleanup. You have quite a big window to do your stuff before it kicks in. Time it well and you shall succeed :slight_smile:

I can imagine that but it seemed to be running every 30s or so. I would upload the thing and before I could navigate to it, R would have run and it would be cleared out.

The window is 10 minutes

Type your comment> @ekenas said:

The window is 10 minutes

Not sure what was going on but after somebody reset the machine, it acted normal and I was able to complete user and root flags last night. Fun box with some unexpected direction. I did not see s********n and A**** D****s coming in the same system!

Finally Owned!!! This was a nice experience and exposure to new tech… Tnx @ekenas for the box. :smile:

how did you guyz mined other subdomains after loggin in?!
or is it guess work/??

there anybody else who faced the work-item issue?

Type your comment> @in3vitab13 said:

how did you guyz mined other subdomains after loggin in?!
or is it guess work/??

Enumeration and reading some s*n repos which will give you a hint.

Does an error occour during the ppeines process in that certain domain for everyone or is it just me…?

Type your comment> @sparkla said:

Az*** CD/CI is broken beyond repair. Someone helped me how to do it, I tried for an hour again and again, I can’t merge and the plattform got more weird with each try. Has this been coded by Microsoft or what?

SCNR :smiley:

That probably explains the issues I’m having too! Thanks for the unintentional clarification!

Edit: lol, figured it out.

The reason the merging is setup this way becomes quite clear if you are a big team of developers and you need to keep the master branch in a functional state and ensure proper tracking of what work has been done. Typically someone higher up the chain is approving your PR:s and if your job is not properly done he/she will reject it.

It was an amazing box, Learnt something new. User and Root both were great.
Initial Foothold:The server still has that thing that you think is not there. Find a way to get that.
User:It is same as Git Hub but only now it is uploading exactly where you need it to
Root:Start from the beginning and take the pipes with you

PM if you need help
Thanks @ekenas for such an amazing box

@ekenas the machine is not functional for most of the time.
running out of patience .

and resetting doesnt solve ■■■■!

Type your comment> @in3vitab13 said:

@ekenas the machine is not functional for most of the time.
running out of patience .

Hi @in3vitab13 can you PM me with info and I’ll try to see if I can help out. I see a lot of people rooting Worker now so was under the consumption it was running nicely.

Type your comment> @blacViking said:

It was an amazing box, Learnt something new. User and Root both were great.
Initial Foothold:The server still has that thing that you think is not there. Find a way to get that.
User:It is same as Git Hub but only now it is uploading exactly where you need it to
Root:Start from the beginning and take the pipes with you

PM if you need help
Thanks @ekenas for such an amazing box

Thanx for the feedback and glad you liked it. Realism and no-guessing was an important part when designing this machine.