Vulnhub Healthcare Live

https://www.vulnhub.com/entry/healthcare-1,522

Great box which reminded me of the pwk labs for sure. Took me a long time to find the right URL I had to attack – that was frustrating but worth it. From there it was an SQL injection to get the FTP login details. Then putting a PHP shell (in the right place) via FTP. Then exploiting a SUID binary which did not fully declare binaries it was calling. Well played sir well played indeed. https://twitter.com/v1n1v131r4

rowbot

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.