6 :80 devops.worker.htb

# missed devops.worker.htb from moved.txt (from svn)
# adding to /etc/hosts

http://devops.worker.htb/
requires basicAuth

# trying to go over svn history commits and see if anything new
# commit:2 shows some deployment script was added lets checkout

$ svn diff -c 2
Index: deploy.ps1
===================================================================
--- deploy.ps1  (nonexistent)
+++ deploy.ps1  (revision 2)
@@ -0,0 +1,6 @@
+$user = "nathen"
+$plain = "wendel98"
+$pwd = ($plain | ConvertTo-SecureString)
+$Credential = New-Object System.Management.Automation.PSCredential $user, $pwd
+$args = "Copy-Site.ps1"
+Start-Process powershell.exe -Credential $Credential -ArgumentList ("-file $args")

$ svn up -r 2
Updating '.':
A    deploy.ps1
Updated to revision 2.

$ cat deploy.ps1
$user = "nathen"
$plain = "wendel98"
$pwd = ($plain | ConvertTo-SecureString)
$Credential = New-Object System.Management.Automation.PSCredential $user, $pwd
$args = "Copy-Site.ps1"
Start-Process powershell.exe -Credential $Credential -ArgumentList ("-file $args")

using nathen:wendel98 works
http://devops.worker.htb/ekenas/
Azure DevOps page
| project: smarthotel360 exists

# tried git clone and modify and add a aspx shell but git push to origin fails
$ git push -u origin
Username for 'http://devops.worker.htb': nathen
Password for 'http://nathen@devops.worker.htb':
Enumerating objects: 4, done.
Counting objects: 100% (4/4), done.
Delta compression using up to 8 threads
Compressing objects: 100% (3/3), done.
Writing objects: 100% (3/3), 3.76 KiB | 3.76 MiB/s, done.
Total 3 (delta 1), reused 0 (delta 0), pack-reused 0
remote: Analyzing objects... (3/3) (31 ms)
remote: Storing packfile... done (17 ms)
remote: Storing index... done (20 ms)
To http://devops.worker.htb/ekenas/SmartHotel360/_git/spectral
 ! [remote rejected] master -> master (TF402455: Pushes to this branch are not permitted; you must use a pull request to update this branch.)
error: failed to push some refs to 'http://devops.worker.htb/ekenas/SmartHotel360/_git/spectral'


# exploring it, we find
SmartHotel360 > Repos > spectral
# looks like spectral.worker.htb

SmartHotel360 > Repos > Pushes > shows
Pull Request 5: Added cmdasp.aspx
# we need to revert back to this version as this is a webshell

# Tried revert but branch didn't contain the file
# used Cherry-pick and created a new branch kashz.
# issued a pull-request to merge with master; approved and selected to merge
# once merged, we can see cmdasp.aspx

Last updated