Rooted! Great machine. I liked how it doesn't require any blind guessing - just good thorough enumeration from one point to the next. Too bad it is very slow sometimes. I wonder if it depends on number of concurrent users or some other factor?
Anyway, congratulations to @ekenas for such great machine. It is the one I enjoyed the most from all machines I tried on HTB. And got Elite rank with it. Yay!
Stuck at foothold. I can follow the pipelines to upload txt and js files but can't do anything useful, e.g. ps1 files return 404. what am i missing?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect: https://www.hackthebox.eu/home/users/profile/122308
rooted the box and it was a wild ride. I had no clue about the azure thingy so i needed soooo many nudges. Something i really liked is the cleanup scripts that were running in background.
Hi, just wanted to give you guys a little info about worker being so slow. Normally a server such as worker is setup in different tiers in a production environment. This was not possible on HTB since as machine creators we have to put all components into one single machine. Due to this limitation we set a hw spec for worker on which we did all the testing and it actually passed without any issues. Unfortunately there was a hardware cap applied to worker after it was tested. I don’t know why this was applied and it doesn’t really matter. The sad part is that in the end this change made the machine run out of resources (mainly RAM) causing the Sql Server to be exhausted and the web server displaying a couple of 503 errors. This in turn had major effects on the ”portal” as I’m sure most of you have seen.
I really want to point out that when running this type of software in a production environment it is quite fast given the right amount of resources.
After about a week almost 800 ppl have owned worker which is quite good and I hope you did enjoy it. During this time we also have run tests and measurements and have a couple of solutions on how to mitigate the performance issues. Given the fact that still quite a few people have managed to root worker I’m not sure on how HTB will apply these changes or not.
Might need a nudge on this box.
Found all websites
Found Creds and can logon.
never worked with this technology before (which is fun) and I assume I need to upload something that talks back to me (obviously) but sure where and how (yet).. (too many options lol)
@ekenas said:
Hi, just wanted to give you guys a little info about worker being so slow. Normally a server such as worker is setup in different tiers in a production environment. This was not possible on HTB since as machine creators we have to put all components into one single machine. Due to this limitation we set a hw spec for worker on which we did all the testing and it actually passed without any issues. Unfortunately there was a hardware cap applied to worker after it was tested. I don’t know why this was applied and it doesn’t really matter. The sad part is that in the end this change made the machine run out of resources (mainly RAM) causing the Sql Server to be exhausted and the web server displaying a couple of 503 errors. This in turn had major effects on the ”portal” as I’m sure most of you have seen.
I really want to point out that when running this type of software in a production environment it is quite fast given the right amount of resources.
After about a week almost 800 ppl have owned worker which is quite good and I hope you did enjoy it. During this time we also have run tests and measurements and have a couple of solutions on how to mitigate the performance issues. Given the fact that still quite a few people have managed to root worker I’m not sure on how HTB will apply these changes or not.
Its an awesome box @ekenas and personally I haven't experienced any performance issues (yet).
Could be an VIP thing, I am not sure.
Appreciate you tapping in with us and explaining the situations (kudos from me on that) keep up the awesome work
Great machine, thanks @ekenas , i really enjoyed the box because i was a developer and some mistakes you can find here are common... But the machine was a bit laggy sometimes and i got some 50X errors. After a restart, all was working fine to the end.
Could need a nudge, I think I'm close to user, logged into the De*O** platform as r**** but unsure how to execute code now. The obvious idea was of course to change the build-script but that's not allowed. Guess I lack the practical experience with this platform to see the solution.
Could need a nudge, I think I'm close to user, logged into the De*O** platform as r**** but unsure how to execute code now. The obvious idea was of course to change the build-script but that's not allowed. Guess I lack the practical experience with this platform to see the solution.
There's a way to run scripts on this box using a markup language. Look for something Mario (yeah, the Italian plumber) uses to travel around.
Very interesting machine, I never heard about this service, that is good, because it is now part of my check list, so thanks to @ekenas for uploading this one
My Hints
User
Remember that time travel is always an option
This step was a bit disappointing to me because the Build-->Release feature was made automatically by the machine
Comments
Rooted!!
Rooted! Great machine. I liked how it doesn't require any blind guessing - just good thorough enumeration from one point to the next. Too bad it is very slow sometimes. I wonder if it depends on number of concurrent users or some other factor?
Anyway, congratulations to @ekenas for such great machine. It is the one I enjoyed the most from all machines I tried on HTB. And got Elite rank with it. Yay!
I would really like to kill the r******r before he kills me
Uf... finally got the user!
Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.
Need some nudge for user.
I got a low shell and found some creds for user r****l. But I haven't been able to use it anywhere. can someone provide a nudge on how to proceed.
@thatjoe look over your full nmap scan.
Type your comment> @3DxHex said:
yeah got it now. I was confused because the higher port was giving a 404 error page. so i thought it was running iis. my bad
Stuck at foothold. I can follow the pipelines to upload txt and js files but can't do anything useful, e.g. ps1 files return 404. what am i missing?
For asking help, please describe what you have tried so far, so i don't spoil too much.
If you believe i was able to help, please provide feedback by giving respect:
https://www.hackthebox.eu/home/users/profile/122308
Spoiler Removed
Why 50 53R10U5
Gods make rules. They don't follow them
rooted. thanks @ekenas for the fun machine.
Rooted and agree with @camk thanks for the fun box and exposure to a different attack surface.
rooted the box and it was a wild ride. I had no clue about the azure thingy so i needed soooo many nudges. Something i really liked is the cleanup scripts that were running in background.
thanks @ekenas for the box.
if anyone need any nudges, DM.
@tobor said:
Just wanna say props to you for that script man. I love how it reconnects after the session borks.
Rooted. Great box, a lot of new things learned. PM if need hints. Thanks @ekenas
I really want to point out that when running this type of software in a production environment it is quite fast given the right amount of resources.
After about a week almost 800 ppl have owned worker which is quite good and I hope you did enjoy it. During this time we also have run tests and measurements and have a couple of solutions on how to mitigate the performance issues. Given the fact that still quite a few people have managed to root worker I’m not sure on how HTB will apply these changes or not.
Might need a nudge on this box.
Found all websites
Found Creds and can logon.
never worked with this technology before (which is fun) and I assume I need to upload something that talks back to me (obviously) but sure where and how (yet).. (too many options lol)
Always happy to help others. 100% human
https://www.mindfueldaily.com/livewell/thank-you/
Its an awesome box @ekenas and personally I haven't experienced any performance issues (yet).
Could be an VIP thing, I am not sure.
Appreciate you tapping in with us and explaining the situations (kudos from me on that) keep up the awesome work
Always happy to help others. 100% human
https://www.mindfueldaily.com/livewell/thank-you/
powershell reverse shell getting error.... need "work-king" command
root....good worker ..but late respond!!!
Great machine, thanks @ekenas , i really enjoyed the box because i was a developer and some mistakes you can find here are common... But the machine was a bit laggy sometimes and i got some 50X errors. After a restart, all was working fine to the end.
Great box! I have learned quite a few things about this technology. A bit hard due to performance. Thanks @ekenas !!
if anyone needs a nudge, pm
Type your comment> @sparkla said:
There's a way to run scripts on this box using a markup language. Look for something Mario (yeah, the Italian plumber) uses to travel around.
Write-Ups here: https://catsandpancakes.github.io
Good fun once there aren't a lot of people on the box. Thanks @ekenas
got root a few minutes ago.
Good machine, i've learnt a lot.
thanks @ecodb for the sanity check.
echo start dumb.bat > dumb.bat && dumb.bat
doh!
Happy hunting!
Rooted finnaly
Rooted, thanks for this box !
Feel free to pm me
Write ups FR : https://hackingdom.io/
Very interesting machine, I never heard about this service, that is good, because it is now part of my check list, so thanks to @ekenas for uploading this one
My Hints
User
Build-->Releasefeature was made automatically by the machineRoot
If this is spoiler feel free to remove it