Doctor
Doctor
Doctor 278
Doctor
RETIRED MACHINE

Doctor

Doctor - Linux Linux
Doctor - Easy Easy

4

MACHINE RATING

11696

USER OWNS

10941

SYSTEM OWNS

26/09/2020

RELEASED
Created by egotisticalSW

Machine Synopsis

Doctor is an easy machine that features an Apache server running on port 80. Users can identify a virtual host on the main webpage, and after adding it to their hosts file, acquire access to the `Doctor Messaging System`. The system is found to be vulnerable to Server Side Template Injection, and successful exploitation of the vulnerability results in a shell as the user `web`. This user belongs to the `adm` group and is able to read various system logs. Enumeration of the logs reveals a misplaced password that can be used to login as the user `shaun`. Enumeration of system services reveals that a Splunk Universal Forwarder is running on port 8089, in the context of `root`. Research reveals an exploit that can be used with valid credentials in order to execute code remotely and escalate our privileges.

Machine Matrix

Ready to start your
hacking journey?