Official Worker Discussion

The box is down?

@Pb22 said:

@m3chmania said:
Found user. Any tips for system/admin?

hint: do that which you did b4

Do I need to use another set of credentials from that user file?

Edit: Got it. Fun box!

@S98 said:

I don’t understand. What am I doing wrong?
Some guys said that the creds are used in plain text.
I tried it over and over again, without proxy, even used
curl -v "http://d.w.h" --ntlm -u d.w.h/user:pass --noproxy "*".
For now, still no luck.

It is possible to use curl to access the page, but you will be better off using a GUI-based browser.

For those of you that got proxy problems, there is an issue with Burp Suite and NTLM auth.

PM for help

Rooted! :slight_smile:

Rooted!!

Rooted! Great machine. I liked how it doesn’t require any blind guessing - just good thorough enumeration from one point to the next. Too bad it is very slow sometimes. I wonder if it depends on number of concurrent users or some other factor?
Anyway, congratulations to @ekenas for such a great machine. It is the one I enjoyed the most from all machines I tried on HTB. And got Elite rank with it. Yay! :smiley:

I would really like to kill the r******r before he kills me :joy:

Uf… finally got the user!

Edit again: rooted! A bit frustrating because of poor performance. But an enjoyable machine overall, and quite realistic.

Need some nudge for user.

I got a low shell and found some creds for user r****l. But I haven’t been able to use it anywhere. Can someone provide a nudge on how to proceed?

@thatjoe look over your full nmap scan.

@3DxHex said:

@thatjoe look over your full nmap scan.

Yeah, got it now. I was confused because the higher port was giving a 404 error page, so I thought it was running IIS. My bad.

Stuck at foothold. I can follow the pipelines to upload txt and js files but can’t do anything useful, e.g. ps1 files return 404. What am I missing?

Spoiler Removed

I believe you may find Invoke-ReversePowerShell from my repo GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell to be helpful on this one

Rooted. Thanks @ekenas for the fun machine.

Rooted, and agree with @camk: thanks for the fun box and exposure to a different attack surface.

Rooted the box and it was a wild ride. I had no clue about the Azure thingy so I needed soooo many nudges. Something I really liked is the cleanup scripts that were running in the background.

Thanks @ekenas for the box.

If anyone needs any nudges, DM.

@tobor said:

I believe you may find Invoke-ReversePowerShell from my repo GitHub - tobor88/ReversePowerShell: Functions that can be used to gain Reverse Shells with PowerShell to be helpful on this one

Just wanna say props to you for that script man. I love how it reconnects after the session borks.

Rooted. Great box, a lot of new things learned. PM if need hints. Thanks @ekenas :slight_smile:

Hi, just wanted to give you guys a little info about worker being so slow. Normally a server such as worker is set up in different tiers in a production environment. This was not possible on HTB since as machine creators we have to put all components into one single machine. Due to this limitation we set a hw spec for worker on which we did all the testing and it actually passed without any issues. Unfortunately there was a hardware cap applied to worker after it was tested. I don’t know why this was applied and it doesn’t really matter. The sad part is that in the end this change made the machine run out of resources (mainly RAM), causing the SQL Server to be exhausted and the web server to display a couple of 503 errors. This in turn had major effects on the "portal", as I’m sure most of you have seen.
I really want to point out that when running this type of software in a production environment it is quite fast given the right amount of resources.

After about a week almost 800 ppl have owned worker, which is quite good, and I hope you did enjoy it. During this time we have also run tests and measurements and have a couple of solutions on how to mitigate the performance issues. Given the fact that still quite a few people have managed to root worker, I’m not sure whether HTB will apply these changes or not.