SSRF
The target web application running on the port 8080 of the dc01.heist.offsec(192.168.198.165) host is vulnerable to SSRF.
┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/heist]
└─$ sudo responder -I tun0 -v/Practice/Heist_OffSec/3-Exploitation/attachments/{1AD35ED6-5210-4882-BEB6-EB5A2D9E9D93}-1.png)
The target web app is also sending a NTLM authentication alongside the GET request.
The enox user is already compromised; california