Type your comment> @tang0 said:
And the response implies that the default password has not been changed.
No it doesn’t
Type your comment> @exord26 said:
I found the default creds but as mentioned on various sources, they won’t work remotely. And the response implies that the default password has not been changed. So that might help in priv esc later on. That also rules out brute force which sometimes works on easy boxes.
Then what is left is to find some other user and their password, or try to get something back from that communication channel.
Any hints or nudges appreciated.
where u found ?
If I only had creds for Sk, there is so much to do with that MGT port 
I specialize in Sk and it is really cool to see a box here with S****k. Just cant seem to find the creds. Anyone got anything?
I Only Need Creds To Get RCE , Guys Any hints ?
Hav u tried default
Type your comment> @Cmdking01 said:
Hav u tried default
default creds don’t work , they are disabled to work remotely !
is this supposed to be a brute force box? or careful enumeration
so any of you guys any luck
I guess I´m closer to get the RCE with PyS***W2 but I can not find the User and password . should we user a List of user and password Brutefoce ?
Spoiler Removed
It wasn’t spoiler dude
lol
I may have noticed something in those doctors email addresses, but i am still stuck
I have been running two common list trying using admin and
attacking http-head://IP.htb:PORT/services
any help ?
Spoiler Removed
^ I added the IP to my hosts file
ive emulated 80, a big fat nothing. researched 8089 and the special S*****y program that does both remote and local, but default creds dont work remotely, so im not sure where else i can go with this?
Has anybody actually gotten this? Very weird box.
Spoiler Removed
.