Hack The Box - Flight

00:00 - Introduction
01:00 - Start of Nmap
03:00 - Playing with the web page, but everything is static doing a VHOST Bruteforce to discover school.flight.htb
07:10 - Discovering the view parameter and suspecting File Disclosure, testing by including index.php and seeing the source code
09:20 - Since this is a Windows, try to include a file off a SMB Share and steal the NTLMv2 Hash of the webserver then crack it
13:30 - Running CrackMapExec (CME) checking shares, doing …

box bruteforce code disclosure discover doing file flight hack hack the box htb introduction nmap parameter php school source code start testing the web web windows