Official Worker Discussion

Hey Guys so I have found username and password and 8 domains. I have found the login page but the username and password did not work. I also have tried the Evil-W***m and no luck with that tool. Can someone please give me a nudge? Thank you in advance.

Type your comment> @Ljugtomten said:

Type your comment> @D8ll0 said:

Found the username and password, but they are not working with de****.w***.h**

Remove Burp Proxy :slight_smile:

Bro I love you!!! I need that.

Rooted. Was able to escalate thanks to a hint i saw here. But i really want to know how are we supposed to realize that the ““process”” is running as root?

Type your comment> @versaa said:

Rooted. Was able to escalate thanks to a hint i saw here. But i really want to know how are we supposed to realize that the ““process”” is running as root?

There are two hints on the box indicating which account the ”thingy” runs as. Can’t really tell here since it spoils part of the box.

I have a walkthrough ready for publishing that explains the inner details of Worker and how the process of setting it up looks like, since I got quite a few questions regarding that.

Will post it once the box retires.

So interesting box, I would suggest once you get a foothold check to see if anything is plugged into the box.

PS C:\Users\Administrator\Desktop> whoami
worker\administrator
PS C:\Users\Administrator\Desktop> id
uid=197108(Administrator) gid=197121 groups=197121

HMU if you need help

Finally got root, I’m going to go back with what I learned on this one and try some “easy” windows boxes as I floundered a little with this one. Good box and thanks!

http://devops.worker.htb/ is not responding at all …what do i miss?

@headfox said:

http://devops.worker.htb/ is not responding at all …what do i miss?

Have you added it to your hosts file?

Type your comment> @TazWake said:

@headfox said:

http://devops.worker.htb/ is not responding at all …what do i miss?

Have you added it to your hosts file?

but to which targetip?
I’m new to htb and dont know if there is more than the 10.10.10.203 to consider for that…
Or is this on 10.10.10.203? Or any default htb hosts file?

@headfox said:

Type your comment> @TazWake said:

@headfox said:

http://devops.worker.htb/ is not responding at all …what do i miss?

Have you added it to your hosts file?

but to which targetip?
I’m new to htb and dont know if there is more than the 10.10.10.203 to consider for that…
Or is this on 10.10.10.203? Or any default htb hosts file?

Each box only has one external IP, so you need to point any domain names you want to use at that IP.

Its worth remembering that there isn’t access to DNS, so if you want to visit example.htb on the HTB VPN, you need to tell your browser where that is. Often it is guesswork and in general people start with boxname.htb and then build from there. Some boxes have dozens of hostnames - if you want them to work you need to add to the hosts file.

nevermind…got it…also if i currently dont understand why this was not observed by enumeration…

thank you very much :slight_smile:
on oscp lab there were usually multiple boxes which were serving that stuff together…thats why i was disappointed at first glance…
but now i know and will consider that in future :wink:

@headfox said:

Type your comment> @TazWake said:

@headfox said:

http://devops.worker.htb/ is not responding at all …what do i miss?

Have you added it to your hosts file?

but to which targetip?
I’m new to htb and dont know if there is more than the 10.10.10.203 to consider for that…
Or is this on 10.10.10.203? Or any default htb hosts file?

For single machines, it is safe to assume only one IP address, which would be 10.10.10.203 in this case, yes.

For the poor souls like me, who’ve been away from HTB for too long:

User:

Once you have the shell, found the dumpwd, and… identified the user to use. There’s something EVIL available on Github which can give you the user. Wasted hours on this, hope it helps others. It’s an easy WIN.

On to root now.

Rooted! Really fun machine overall, especially user. Feel free to PM me for hints

I must say Windows is very far from my comfort zone and I usually tend to stay away from it, but I gave a shot at this box, just popped a shell and so far I’ve been having a lot of fun :smiley:

Just a reminder, Worker retires this weekend (and is replaced by an insane box!), so if you haven’t already rooted it, and want the points, you probably should start it soon.

It isn’t the hardest box in the world but it can take a bit of time.

Rooted just in time !
If it wasn’t for @egarcia I would still probably be enumerating unsuccessfully ^^
Figuring out how to get root wasn’t too hard, but the shell the box gives me crashes after a few minutes and I don’t know how to make it more stable. If anyone has some knowledge to share about that, I’d be happy :slight_smile:
Thank you very much @ekenas I really enjoyed this box !

@dragonista, thanks for the feedback! The shell you spawned will be terminated by a cleanup script. This script was added to allow multiple users to run the root-part simultaneously, since the context the shell runs in is a limited resource.

Will explain it more in detail in the upcoming walkthrough :slight_smile:

Anyone else having issues with the credentials not working? I know I have the right ones (backed up by walkthroughs online) but I cannot log into ds.wr.htb