Official Worker Discussion

@gunroot
Okay ‘straight-forward’ isn’t the right term. I did exhaust a lot of options enumerating the box but I didn’t go as far as throwing exploits against it, often it is way simpler than that in CTF-like environments… I have to remind myself of that all too often.

Got root! Amazing box, thank you @ekenas !
PM for nudges!

any lead for root, please?

Type your comment> @in3vitab13 said:

any lead for root, please?

Think what you did for user1 :slight_smile:

@acidbat said:
Type your comment> @in3vitab13 said:

any lead for root, please?

Think what you did for user1 :slight_smile:

from initial foothold to r*****l , it was straightforward, !
but cant figure , out how to put approach for root?!!
any article/concept that i need to study . , would be helpful bro!

Type your comment> @in3vitab13 said:

@acidbat said:
Type your comment> @in3vitab13 said:

any lead for root, please?

Think what you did for user1 :slight_smile:

from initial foothold to r*****l , it was straightforward, !
but cant figure , out how to put approach for root?!!
any article/concept that i need to study . , would be helpful bro!

Check your inbox :slight_smile:

I straight up downloaded the entire repo and grepped it for creds, found nothing

What is everyone talking ab

Edit: nvm I found it as soon as I posted this

*Spoiler Removed*

Rooted! Really good box, I learned a ton about the vuln service and exploiting it in various ways. 10/10 would recommend. If you need hints feel free to DM me.

I really enjoyed this box. got stuck a few times, but I was able to scan the forum posts and that pointed me in the right direction. make sure when you’re trying to login to d****s that you don’t have your manual proxy set in your browser, it made the login page give me a false negative and almost messed me up.
PM for a nudge

An interesting box that allowed me to play around with a CI tool I wasn’t familiar with.
My 2cents:

  • Foothold: go back to that revision, and use the CI tool to get what you want
  • User: enum enum
  • Root: abuse that thing again
!

What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes… Repeat.

Giving up

@luckycharmelf said:

What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes… Repeat.

Giving up

Double check this isn’t something you are doing. Looking at the stats people are still able to get user/root flags so there must be some stability somewhere.

@TazWake said:
@luckycharmelf said:

What a frustrating box. Comes online for 2 minutes, goes offline for 2, comes online for 2 minutes… Repeat.

Giving up

Double check this isn’t something you are doing. Looking at the stats people are still able to get user/root flags so there must be some stability somewhere.

I don’t see what I could be doing wrong? I started up the machine (no one else on us-vip-24 was using it I guess) and waited 15 minutes to let it boot up. Then I just started a ping every 5 seconds and did nothing else to that box.

This is what I get. Up for ~120 seconds, down for ~120 seconds, up for ~120 seconds, etc

Edit: I changed to us-vip-15, started the box, and I can ping it for more than 2 minutes at a time ¯\(ツ)/¯

@luckycharmelf said:

I don’t see what I could be doing wrong? I started up the machine (no one else on us-vip-24 was using it I guess) and waited 15 minutes to let it boot up. Then I just started a ping every 5 seconds and did nothing else to that box.

This is what I get. Up for ~120 seconds, down for ~120 seconds, up for ~120 seconds, etc

❯ ping 10.10.10.203 -O -i 5PING 10.10.10.203 (10.10.10.203) 56(84) bytes of da - Pastebin.com

Edit: I changed to us-vip-15, started the box, and I can ping it for more than 2 minutes at a time ¯\(ツ)/¯

That is pretty odd. If it happens again, you should raise a JIRA ticket for HTB to address the issue.

(for some reason, it resolved itself)
Hi,

I’m running into some issues that i do not get the possibility to input the found credentials to continue. This is happening both via curl and ff.

also tried moving vpn but that also does not seem to resolve it.

has anyone have/had the same issues or could point me in the direction so that i continue with the box?

thanks in advance!

Pheaxx

Nee help. managed to log and want to load my evil shell. The challenge is, am getting “No work items linked” hence can’t merge. Am getting a “no suggestion” hence can’t do anything on work items. Any help please.

I was able to get to d*****.worker.htb and gain access. I was trying to upload into new b*****, but when I do, for work items to link, I always get no suggestions found. I want to make sure that this is something I am doing wrong and not the system. Tried for many b*****es and it gives me the same issue. Any suggestions?

It should present you with alternative ids by just clicking in the wit-control.

If you don’t get any suggestions you need to supply one manually.

I appreciate that. Last night when I was trying, as soon as I would click on it, it would immediately say no suggestions. Tonight, it would pause as if it were processing, and then show me items. I am guessing its a resource issue? Regardless, thank you for the help. I got past it.