Official Worker Discussion

Type your comment> @blacViking said:

It was an amazing box, Learnt something new. User and Root both were great.
Initial Foothold:The server still has that thing that you think is not there. Find a way to get that.
User:It is same as Git Hub but only now it is uploading exactly where you need it to
Root:Start from the beginning and take the pipes with you

PM if you need help
Thanks @ekenas for such an amazing box

Thanx for the feedback and glad you liked it. Realism and no-guessing was an important part when designing this machine.

Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what’s taking so long to auto-deploy it.

Type your comment> @PapyrusTheGuru said:

Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what’s taking so long to auto-deploy it.

if you mean “auto-complete” then i guess its a never ending process!
my tip: satisfy all 3 demands and then you can complete it in one click only!

Type your comment> @in3vitab13 said:

Type your comment> @PapyrusTheGuru said:

Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what’s taking so long to auto-deploy it.

if you mean “auto-complete” then i guess its a never ending process!
my tip: satisfy all 3 demands and then you can complete it in one click only!

Uhhh… my bad, can I DM you about it? I’m quite sure I’m doing everything alright but I’d always like a sanity check.

Type your comment> @PapyrusTheGuru said:

Type your comment> @in3vitab13 said:

Type your comment> @PapyrusTheGuru said:

Currently on the de*o*s.worker.htb and have already uploaded it to master on di*ensi*n, not sure what’s taking so long to auto-deploy it.

if you mean “auto-complete” then i guess its a never ending process!
my tip: satisfy all 3 demands and then you can complete it in one click only!

Uhhh… my bad, can I DM you about it? I’m quite sure I’m doing everything alright but I’d always like a sanity check.

sure bro!

I just tested the complete exploitation process of worker and it was fine (EU2).

Fun box! Unfortunately I skipped over something quite easy to get user and it took me a while longer to find it, but root was pretty straightforward.

Type your comment> @m3ll0 said:

Fun box! Unfortunately I skipped over something quite easy to get user and it took me a while longer to find it, but root was pretty straightforward.

Root wasn’t straight forward for me. After roaming in dead end, I went back to the thing again.

@gunroot
Okay ‘straight-forward’ isn’t the right term. I did exhaust a lot of options enumerating the box but I didn’t go as far as throwing exploits against it, often it is way simpler than that in CTF-like environments… I have to remind myself of that all too often.

Got root! Amazing box, thank you @ekenas !
PM for nudges!

any lead for root, please?

Type your comment> @in3vitab13 said:

any lead for root, please?

Think what you did for user1 :slight_smile:

@acidbat said:
Type your comment> @in3vitab13 said:

any lead for root, please?

Think what you did for user1 :slight_smile:

from initial foothold to r*****l , it was straightforward, !
but cant figure , out how to put approach for root?!!
any article/concept that i need to study . , would be helpful bro!

Type your comment> @in3vitab13 said:

@acidbat said:
Type your comment> @in3vitab13 said:

any lead for root, please?

Think what you did for user1 :slight_smile:

from initial foothold to r*****l , it was straightforward, !
but cant figure , out how to put approach for root?!!
any article/concept that i need to study . , would be helpful bro!

Check your inbox :slight_smile:

I straight up downloaded the entire repo and grepped it for creds, found nothing

What is everyone talking ab

Edit: nvm I found it as soon as I posted this

*Spoiler Removed*

Rooted! Really good box, I learned a ton about the vuln service and exploiting it in various ways. 10/10 would recommend. If you need hints feel free to DM me.

I really enjoyed this box. got stuck a few times, but I was able to scan the forum posts and that pointed me in the right direction. make sure when you’re trying to login to d****s that you don’t have your manual proxy set in your browser, it made the login page give me a false negative and almost messed me up.
PM for a nudge

An interesting box that allowed me to play around with a CI tool I wasn’t familiar with.
My 2cents:

  • Foothold: go back to that revision, and use the CI tool to get what you want
  • User: enum enum
  • Root: abuse that thing again
!

What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes… Repeat.

Giving up