Cracking Azure DevOps console
Last updated
Last updated
Then opened the pipelines – This is what usually happens to pipelines in AzureDevOps after they have been compiled.
After selecting view pipelines
It looks like it is going to or did, deploy the website to “w:\sites$(Build.Repository.Name).worker.htb”
I need to clone this
sudo to run as root to install git. Cloned in nathen wendel credentials as well as the devops.worker.htb directory and the build project. Possibly could have made a new directory for it.
Switching to webshell as I should be able to priv esc through this.
Now I can copy a simple cmd aspx shell from /usr/share/webshells/aspx/cmdasp.aspx to our current directory, and upload the new file to the server.
It did not work directly like that and I was not sure why initially. It is a windows machine and windows should be able to execute aspx shells.
In Git, the main or default name for a branch is master. Then users can create other branches based on another branch, and people can make different changes in each branch. The idea is that eventually you merge other branches back into master, and Git helps manage getting all the changes together, or helping you resolve conflicts.
It is not uncommon to have lower access users able to create and save (commit) into branches that are not master while limiting access to master, and typically, only master would have a pipeline that pushed actual content to the site.
I’m choosing an ASPX webshell because of the X-Powered-By: ASP.NET header seen during Recon.
Now on to pipelines, specfically spectral as that is where I uploaded the shell
It did not work.
So instead I tried to use the Alpha pipelines
Which was a success as you can see from the information.
But I am unable to use the webshell I intended to create for it.
The branch I also created has been deleted which has moved me into the master branch.
I cannot actively use the master branch.
I will need to come back to this – I am currently thinking, I may have messed up during the initial git phases in the linux command line
(To be continued)
