Accessing Azure Devops
PreviousSoftware development environments and Azure DevOps pipeline abuseNextExploring Project Pages
Last updated
Last updated
On visiting http://dimension.worker.htb/#work I see additional subdomain links for worker.htb . i can use curl and grep to parse all the subdomains, and also add these to /etc/hosts .
To explain “-s” is to keep it silent so it will not show progress meters or errors, “-q” is to help create query sets. This option adds contents usually a name + value paiur to the end of the query part of provided URL
“-o” is for output to write to file to only grab what was grep’d
Added http:// now I only have a list of the domains.
Added | sed to make it easier to copy and pase the URLS as necessary.
Now to double check the hosts file has been populated
There doesn't seem to be anything of interest on any of these sites.
The second commit within the logged looked interesting. So I used svn update -r 2 to bring the changes from the repository into our working directory. The revision (r) integers are incremented with each new commit to the repository.
From the command output above, we see that in this commit a file called moved.txt was deleted and a file named deploy.ps1 was added.
Looks like deploy.ps1 had some credentials for Nathen specifically.
The credentials don't work for Windows remote management, so I can instead look for any type of login functionality on the subdomains. The subdomain devops.worker.htb is configured to use basic authentication.
And I am in -
