Official Worker Discussion

Spoiler Removed

Rooted! Thank you @ekenas for the box. The whole thing turned out to be a learning event. Please PM if you need a nudge. Also, thanks to @iampachinko for the nudge.

have a username and password that worked this morning, now not so much. someone changing passwords on us?

suddenly back to normal? wierd. i probably did something screwy

Apart from the lag, this was a really interesting box! Thanks to @SanderZ31 for the hints :slight_smile:

Spoiler Removed

Rooted!!!

Found user. Any tips for system/admin?

Type your comment> @m3chmania said:

Found user. Any tips for system/admin?

hint: do that which you did b4

The box is down?

@Pb22 said:

@m3chmania said:
Found user. Any tips for system/admin?

hint: do that which you did b4

Do I need to use another set of credentials from that user file?

Edit: Got it. Fun box!

Type your comment> @S98 said:

I don’t understand. What am I doing wrong?
Some guys said that the creds is used in plain text.
I tried it over and over again, without proxy, even used
curl -v “http://d.w.h” --ntlm -u d.w.h/user:pass --noproxy “*”.
For now, still no luck.

It is possible to use curl to access the page, but you will be better off using a gui based browser.

For you that got proxy problems, there is an issue with burpsuite and NTLM auth.

PM for help

Rooted ! :slight_smile:

Rooted!!

Rooted! Great machine. I liked how it doesn’t require any blind guessing - just good thorough enumeration from one point to the next. Too bad it is very slow sometimes. I wonder if it depends on number of concurrent users or some other factor?
Anyway, congratulations to @ekenas for such great machine. It is the one I enjoyed the most from all machines I tried on HTB. And got Elite rank with it. Yay! :smiley:

I would really like to kill the r******r before he kills me :joy:

Uf… finally got the user!

Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.

Need some nudge for user.

I got a low shell and found some creds for user r****l. But I haven’t been able to use it anywhere. can someone provide a nudge on how to proceed.

@thatjoe look over your full nmap scan.

Type your comment> @3DxHex said:

@thatjoe look over your full nmap scan.

yeah got it now. I was confused because the higher port was giving a 404 error page. so i thought it was running iis. my bad