Official Hospital Discussion

The reverse shell from PayloadsAllTheThings will not work here, but there’s another popular PHP shell that will.

How did that go? Did it work? And if it did, how?

I’ve got administrator priv and found 2 flags, but it says that my flags are incorrect when submitting… What’s going on?

How to use p0wny to get user? Can anybody help? Do you obfuscate the code? Do you use Burp as a proxy to add code when uploading a .phar file, or do you upload a .phar with code already inside?
I don’t understand why, when I try to upload p0wny shell, the upload isn’t successful :frowning:

Need help with sending mail :sweat_smile: When I try to attach a file, it doesn’t attach. Even when it was a JPEG file. It only attached empty files (((( What am I doing wrong?

I’m stuck on ‘Error code: SSL_ERROR_RX_RECORD_TOO_LONG’ :disappointed: :disappointed:

I’ve tried resetting the box but nothing happened. Atp I’m just going to bed.

Anyone want to discuss the root/Administrator path with me? This one was weird for me… Please DM

Hi. Can you tell me why the first host we access via the web app has a different IP? That is, starting with 192.168.x.x. How can this work if my Kali is not in this subnet? Is this some kind of container?

Phew… That was a journey.
User :white_check_mark:
Root :white_check_mark:
Feel free to HMU if you need a nudge.

Can you share what led you to try webmail on port 443 instead of staying on port 8080 or other open ports? Thank you in advance.

You first need to exploit other things.
The webmail is only interesting when you already have credentials.

And as the forum already said: do what Dr. Brows says when you are at the webmail stage :wink:

I am having an issue: Forbidden on port 8080 on the Hospital machine.

An easy and interesting medium machine. Thanks!

FOOTHOLD : it’s a DC, but don’t go away! :slight_smile: It’s not an AD challenge
USER : find RCE and crack. Pay attention to email.
ROOT : lol :sweat_smile: . Easy, but a classic and not so used vector.

Can someone please help me with the initial foothold?
I did all the enumeration on the major ports but had no luck, then I finally found something on the web server with file upload. I have tried various ways to upload it but had no luck getting a reverse shell.

Has anyone had issues logging into the app on 443?


It says connection to storage server failed, eh?

Use GitHub - flozz/p0wny-shell: Single-file PHP shell for PHP reverse shells :slight_smile:

Hey, I got both the user flag and root flag, but Hack The Box doesn’t recognize them and says invalid flags. I got the user flag from


and got the root flag using


! What have I done wrong?

Same here. I just reset the box to no avail.
The date of the flag files is 2/4/2024, so quite old.
EDIT: switched to EU VPN and got a sort of clean and up-to-date instance. Problem solved.