is this supposed to be a brute force box? or careful enumeration
so any of you guys any luck
I guess I´m closer to get the RCE with PyS***W2 but I can not find the User and password . should we user a List of user and password Brutefoce ?
Spoiler Removed
It wasn’t spoiler dude
lol
I may have noticed something in those doctors email addresses, but i am still stuck
I have been running two common list trying using admin and
attacking http-head://IP.htb:PORT/services
any help ?
Spoiler Removed
^ I added the IP to my hosts file
ive emulated 80, a big fat nothing. researched 8089 and the special S*****y program that does both remote and local, but default creds dont work remotely, so im not sure where else i can go with this?
Has anybody actually gotten this? Very weird box.
Spoiler Removed
.
i got login page!!! credentials will be …!
Doctor Secure Messaging…but what is the use!!!
whoami && hostname
root
doctor
Finally root. I don’t think this is an easy box at all but I learn new thing from this
hey can anyone help me with doctor machine? i just got port 8089,80, and 22 open but don’t know where to find the credentials and login page>> please help??
Any nudges for the foothold? Cant seem to find any creds