Overview

the machine starts by finding a file that discovers version of the service which is vulnerable to unauthenticated RCE with our foothold on the machine we find database with a weird hash stored. with some research and hash analysis we got the password and with SSH to the machine we find a local service running to store patients data which is vulnerable to SSTI that leads to root access

Enumeration

start with nmap