Official Doctor Discussion

Some hint to get a foothold ?

I can’t figure out these creds… Is it gonna require X** injection?

A hint would be appreciated

Type your comment> @LMAY75 said:

I can’t figure out these creds… Is it gonna require X** injection?

A hint would be appreciated

I don’t think X** will do…
It requires a client right ?

Type your comment> @Karthik0x00 said:

Why we can’t access that thing on that port?

I’m wondering why too !

I found the default creds but as mentioned on various sources, they won’t work remotely. And the response implies that the default password has not been changed. So that might help in priv esc later on. That also rules out brute force which sometimes works on easy boxes.

Then what is left is to find some other user and their password, or try to get something back from that communication channel.

Any hints or nudges appreciated.

Type your comment> @tang0 said:

I found the default creds but as mentioned on various sources, they won’t work remotely. And the response implies that the default password has not been changed. So that might help in priv esc later on. That also rules out brute force which sometimes works on easy boxes.

Then what is left is to find some other user and their password, or try to get something back from that communication channel.

Any hints or nudges appreciated.

where u found ?

Type your comment> @tang0 said:

And the response implies that the default password has not been changed.

No it doesn’t

Type your comment> @exord26 said:

I found the default creds but as mentioned on various sources, they won’t work remotely. And the response implies that the default password has not been changed. So that might help in priv esc later on. That also rules out brute force which sometimes works on easy boxes.

Then what is left is to find some other user and their password, or try to get something back from that communication channel.

Any hints or nudges appreciated.

where u found ?

Google

If I only had creds for Sk, there is so much to do with that MGT port :slight_smile:
I specialize in S
k and it is really cool to see a box here with S****k. Just cant seem to find the creds. Anyone got anything?

I Only Need Creds To Get RCE , Guys Any hints ?

Hav u tried default

Type your comment> @Cmdking01 said:

Hav u tried default
default creds don’t work , they are disabled to work remotely !

is this supposed to be a brute force box? or careful enumeration

so any of you guys any luck :slight_smile:

I guess I´m closer to get the RCE with PyS***W2 but I can not find the User and password . should we user a List of user and password Brutefoce ?

Spoiler Removed

It wasn’t spoiler dude

lol

I may have noticed something in those doctors email addresses, but i am still stuck

I have been running two common list trying using admin and
attacking http-head://IP.htb:PORT/services
any help ?