Official Worker Discussion

I was able to get to d*****.worker.htb and gain access. I was trying to upload into new b*****, but when I do, for work items to link, I always get no suggestions found. I want to make sure that this is something I am doing wrong and not the system. Tried for many b*****es and it gives me the same issue. Any suggestions?

It should present you with alternative ids by just clicking in the wit-control.

If you don’t get any suggestions you need to supply one manually.

I appreciate that. Last night when I was trying, as soon as I would click on it, it would immediately say no suggestions. Tonight, it would pause as if it were processing, and then show me items. I am guessing its a resource issue? Regardless, thank you for the help. I got past it.

Welp, that machine was something I completely wasn’t going to expect. Thx, @ekenas, learnt a lot!

Just rooted! PM if you need help.

Type your comment> @nopej0hnson said:

Welp, that machine was something I completely wasn’t going to expect. Thx, @ekenas, learnt a lot!

Glad you liked it!

@ekenas said:

Glad you liked it!

I just want to add to the love here. This was an awesome box. It looks at a $thing I don’t (didn’t?) know very well beforehand. This meant I learned a lot and was actually surprised by how straightforward and logical things are.

Thank you for this box.

Type your comment> @TazWake said:

@ekenas said:

(Quote)
I just want to add to the love here. This was an awesome box. It looks at a $thing I don’t (didn’t?) know very well beforehand. This meant I learned a lot and was actually surprised by how straightforward and logical things are.

Thank you for this box.

Awesome! Thanks for that!

I am able to upload .***x shell and I am able to execute command on the server. I am trying to upgrade to reverse shell.
I tried to use PowerShell based rev shell code. However when I execute in my shell there is no connection back (I tried with listeners on port 80 and 443).
Also when I uploaded .***x reverse shell generated with msfvenom and connect to it with web browser there is no connection back to my listener. I tried with following payloads windows/shell_reverse_tcp as well windows/x64/meterpreter/reverse_tcp
Any hint why I am not getting reverse shell?

@kyloren said:

I am able to upload .***x shell and I am able to execute command on the server. I am trying to upgrade to reverse shell.
I tried to use PowerShell based rev shell code. However when I execute in my shell there is no connection back (I tried with listeners on port 80 and 443).
Also when I uploaded .***x reverse shell generated with msfvenom and connect to it with web browser there is no connection back to my listener. I tried with following payloads windows/shell_reverse_tcp as well windows/x64/meterpreter/reverse_tcp
Any hint why I am not getting reverse shell?

There are hundreds of reasons - the code could be wrong, the way it is being executed could be wrong, the way you’ve triggered it could be wrong, the listener might be broken, you might have a firewall in the way etc.

I suspect that you might be better changing the thing you are uploading - rather than a venom reverse shell, you could use one of the more straightforward online versions. I used one related to sleepless nights and it worked well with an nc listener.

Thx. Is it part of the difficulty of the box that uploaded shell gets deleted after couple of minutes?

problem

Hello, friend. I’m practicing worker

At present, I have got the shell of the user R * * * l, which is in the process of root. There is no progress at present, so I need to give some tips. thank you

Rooted, this thread already contains everything you need to know, but if you’re still stuck, PM :slight_smile:

Rooted! stuck a bit on foothold but @TazWake gave me the pat in the head i needed lol

Did someone managed to root the box through d** hijacking ? Seems doable, but I could use some help !

EDIT : the more I look into d** hijacking, the more it seems like a rabbit hole tho…

@AlPasta said:

EDIT : the more I look into d** hijacking, the more it seems like a rabbit hole tho…

I think it is a rabbit hole.

Rooted. If you need some help, DM me.

We are closing in on the 2K mark on number of roots on Worker!

Good work everyone and happy hacking you who still havent rooted it yet :slight_smile:

hey guys, QQ, got the different domains (both d…), got all files using svn **** i got the pass.
my issue here is that i’m going in two vectors -

  1. s* command - is there any work needs to be done here ?
  2. using TRA** request, wondered if i should xss etc.
    any hint here ?

I’m stuck on d*s.worker.htb with creds rl. Anyone willing to help give me nudges on getting this deployment working? Having issue getting the pipeline and release setup.

Edit: Rooted thanks to @FelisLeo