Worker video by ekenas

My thoughts on creating the worker machine, intended path plus one of the unintended ways of rooting.

Also goes through the cleanup-funtionality (restorer) which you probably were affected by during some point.

00:00 - Introduction
01:00 - Nmap scan
01:40 - Default web site
02:20 - Subversion repo
04:10 - Devops website found (No Access)
05:50 - Credentials found in svn repo
06:15 - Additional vhosts founds
07:20 - Logging into Azure Devops Server
09:30 - Explaining pipelines, repos and web sites relations
11:05 - Push web shell into repo
14:40 - Accessing deployed web shell
15:50 - Finding more credentials in svn repo
17:10 - Logging into winrm with found credentials to get user flag
19:15 - Logging in to Azure Devops with new credentials
24:30 - Explaining Setup Agent Pool
27:30 - WIT the reason behind Setup Agent Pool
30:30 - Building pipelines to extract root flag
37:55 - Explaining cleanup functionality
44:20 - Unintended path to root

Very nice @ekenas :slight_smile:
The unintended way was very interesting - will look into that when I have time :slight_smile:
It was a fun box and thank you once again for creating it.

PS: I always thought Swedes used; Tomte or Tomten instead of Nisse:slight_smile: