Vulnhub Healthcare Live,522

Great box which reminded me of the pwk labs for sure. Took me a long time to find the right URL I had to attack – that was frustrating but worth it. From there it was an SQL injection to get the FTP login details. Then putting a PHP shell (in the right place) via FTP. Then exploiting a SUID binary which did not fully declare binaries it was calling. Well played sir well played indeed.