Official Doctor Discussion

Is this supposed to be a brute force box? Or careful enumeration?

So, any of you guys have any luck? :slight_smile:

I guess I'm closer to getting the RCE with PyS***W2, but I cannot find the user and password. Should we use a list of users and passwords to brute force?

Spoiler Removed

It wasn’t a spoiler, dude

lol

I may have noticed something in those doctors' email addresses, but I am still stuck

I have been running two common lists, trying using admin and
attacking http-head://IP.htb:PORT/services
Any help?

Spoiler Removed

^ I added the IP to my hosts file

I've emulated 80, a big fat nothing. Researched 8089 and the special S*****y program that does both remote and local, but default creds don't work remotely, so I'm not sure where else I can go with this?

Has anybody actually gotten this? Very weird box.

Spoiler Removed

.

I got the login page!!! Credentials will be …!

Doctor Secure Messaging… but what is the use!!!

whoami && hostname

root
doctor

Finally root. I don’t think this is an easy box at all :frowning: but I learned a new thing from this :smiley:

Hey, can anyone help me with the Doctor machine? I just got ports 8089, 80, and 22 open but don’t know where to find the credentials and login page. Please help??

foothold, @jkana101 tnx for the small nudge.

Any nudges for the foothold? Can't seem to find any creds