Vulnhub Healthcare Live
https://www.vulnhub.com/entry/healthcare-1,522
Great box which reminded me of the pwk labs for sure. Took me a long time to find the right URL I had to attack – that was frustrating but worth it. From there it was an SQL injection to get the FTP login details. Then putting a PHP shell (in the right place) via FTP. Then exploiting a SUID binary which did not fully declare binaries it was calling. Well played sir well played indeed. https://twitter.com/v1n1v131r4