Official Worker Discussion

@thatjoe look over your full nmap scan.

Type your comment> @3DxHex said:

@thatjoe look over your full nmap scan.

yeah got it now. I was confused because the higher port was giving a 404 error page. so i thought it was running iis. my bad

Stuck at foothold. I can follow the pipelines to upload txt and js files but can’t do anything useful, e.g. ps1 files return 404. what am i missing?

Spoiler Removed

I believe you may find Invoke-ReversePowerShell from my repo GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell to be helpful on this one

rooted. thanks @ekenas for the fun machine.

Rooted and agree with @camk thanks for the fun box and exposure to a different attack surface.

rooted the box and it was a wild ride. I had no clue about the azure thingy so i needed soooo many nudges. Something i really liked is the cleanup scripts that were running in background.

thanks @ekenas for the box.

if anyone need any nudges, DM.

@tobor said:

I believe you may find Invoke-ReversePowerShell from my repo GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell to be helpful on this one

Just wanna say props to you for that script man. I love how it reconnects after the session borks.

Rooted. Great box, a lot of new things learned. PM if need hints. Thanks @ekenas :slight_smile:

Hi, just wanted to give you guys a little info about worker being so slow. Normally a server such as worker is setup in different tiers in a production environment. This was not possible on HTB since as machine creators we have to put all components into one single machine. Due to this limitation we set a hw spec for worker on which we did all the testing and it actually passed without any issues. Unfortunately there was a hardware cap applied to worker after it was tested. I don’t know why this was applied and it doesn’t really matter. The sad part is that in the end this change made the machine run out of resources (mainly RAM) causing the Sql Server to be exhausted and the web server displaying a couple of 503 errors. This in turn had major effects on the ”portal” as I’m sure most of you have seen.
I really want to point out that when running this type of software in a production environment it is quite fast given the right amount of resources.

After about a week almost 800 ppl have owned worker which is quite good and I hope you did enjoy it. During this time we also have run tests and measurements and have a couple of solutions on how to mitigate the performance issues. Given the fact that still quite a few people have managed to root worker I’m not sure on how HTB will apply these changes or not.

Might need a nudge on this box.
Found all websites
Found Creds and can logon.
never worked with this technology before (which is fun) and I assume I need to upload something that talks back to me (obviously) but sure where and how (yet)… (too many options lol)

@ekenas said:
Hi, just wanted to give you guys a little info about worker being so slow. Normally a server such as worker is setup in different tiers in a production environment. This was not possible on HTB since as machine creators we have to put all components into one single machine. Due to this limitation we set a hw spec for worker on which we did all the testing and it actually passed without any issues. Unfortunately there was a hardware cap applied to worker after it was tested. I don’t know why this was applied and it doesn’t really matter. The sad part is that in the end this change made the machine run out of resources (mainly RAM) causing the Sql Server to be exhausted and the web server displaying a couple of 503 errors. This in turn had major effects on the ”portal” as I’m sure most of you have seen.
I really want to point out that when running this type of software in a production environment it is quite fast given the right amount of resources.

After about a week almost 800 ppl have owned worker which is quite good and I hope you did enjoy it. During this time we also have run tests and measurements and have a couple of solutions on how to mitigate the performance issues. Given the fact that still quite a few people have managed to root worker I’m not sure on how HTB will apply these changes or not.

Its an awesome box @ekenas and personally I haven’t experienced any performance issues (yet).
Could be an VIP thing, I am not sure.
Appreciate you tapping in with us and explaining the situations (kudos from me on that) keep up the awesome work :smiley:

powershell reverse shell getting error… need “work-king” command

root…good worker …but late respond!!!

Great machine, thanks @ekenas , i really enjoyed the box because i was a developer and some mistakes you can find here are common… But the machine was a bit laggy sometimes and i got some 50X errors. After a restart, all was working fine to the end.

Great box! I have learned quite a few things about this technology. A bit hard due to performance. Thanks @ekenas !!

if anyone needs a nudge, pm

Type your comment> @sparkla said:

Could need a nudge, I think I’m close to user, logged into the DeO** platform as r*** but unsure how to execute code now. The obvious idea was of course to change the build-script but that’s not allowed. Guess I lack the practical experience with this platform to see the solution.

There’s a way to run scripts on this box using a markup language. Look for something Mario (yeah, the Italian plumber) uses to travel around.

Good fun once there aren’t a lot of people on the box. Thanks @ekenas

got root a few minutes ago.
Good machine, i’ve learnt a lot.
thanks @ecodb for the sanity check.