Hack The Box Flight

00:00 Introduction 01:00 Start of Nmap 03:00 Playing with the web page, but everything is static doing a VHOST Bruteforce to discover 07:10 Discovering the view parameter and suspecting File Disclosure, testing by including and seeing the source code 09:20 Since this is a Windows, try to include a file off a SMB Share and steal the NTLMv2 Hash of the webserver then crack it 13:30 Running CrackMapExec (CME) checking shares, doing a SpiderPlus to see the files in users 18:30 Running CrackMapExec (CME) to create a list of users on the box then doing a password spray to discover a duplicate password 20:20 Checking the shares with S. Moon and discovering we can write to the Shared Directory 21:30 Using NTLMTheft to create a bunch of files that would attempt to steal NTLM Hashes of users when browsing to a directory getting C. Bum s creds with 26:18 C. Bum can write to Web, dropping a reverse shell 29:30 Reverse shell r