This is a writeup about a retired HacktheBox machine: Doctor created by egotisticalSW and publish on September 26, 2020. This box is classified as an easy machine. The user part implied a server side template injection and finding a needle in a haystack. The root part required to use a Splunk exploit to elevate our privileges.