Doctor Machine : Hack The Box

Step 1: — Perform nmap scan against target machine !

nmap scan result
Doctors.htb have the login page.

Step 2:- Create an account here

New created account

Step 3:-Login to the created account

Login to the created account

Step 4:- This page is vulnerble to XSS, so I found the RCE payload.

RCE payload

Step 5:-After running RCE Payload i find reverse shell by netcat !

Reverse shell

Step 6:- Try to print the content of user.txt .Cat the user.txt denied because we are not super user on shaun

Step 7:- So after searching the machine I found the log file in which apache2 folder have a backup so I cat it and found the password for shaun.

Find backup folder

Step 8:- Find the password for shun user !

Password for Shun user

Step 9:- Switch to shun user and find the user flag successfully !

User flag

Step 10:-I tried to login as sudo shaun but no luck!

Step 11:- Machine was running splunkd so I found the privelge escalation github tool.

privelge escalation github tool.

Step 12:- Download Splunk into local machine!

Download Splunk

Step 13:- Run Splunk tool and get root access !

Root access

Cyber Security Trainer|CTF Player || Security Analyst || THM CTF player |Vulnhub CTF player |HTB CTF player