Software development environments and Azure DevOps pipeline abuse

Starting with Nmap scan

Nmap output shows that web (IIS), WinRM, and Subversion (svnserve) services are running on the box.

On visiting port 80 we see the default IIS installation page

The availability of port 3690 indicates that an SVN repository is available. We can attempt to interact with it and download files using the svn command.

Using svn log to to get a detailed log description of what “nathen” has been doing

Now using svn checkout to download them all to my local machine

Straight away I can see dimension.work.htb assets – So I listed some more directories to see what was immediately accessible. I saw the moved.txt file and opened it

The website did not lead anywhere

had to add line 10 to “/etc/hosts”

And now the web address works.