Hack The Box - Flight
00:00 - Introduction
01:00 - Start of Nmap
03:00 - Playing with the web page, but everything is static doing a VHOST Bruteforce to discover
07:10 - Discovering the view parameter and suspecting File Disclosure, testing by including and seeing the source code
09:20 - Since this is a Windows, try to include a file off a SMB Share and steal the NTLMv2 Hash of the webserver then crack it
13:30 - Running CrackMapExec (CME) checking shares, doing a Spider_Plus to see the files in users
18:30 - Running CrackMapExec (CME) to create a list of users on the box then doing a password spray to discover a duplicate password
20:20 - Checking the shares with and discovering we can write to the Shared Directory
21:30 - Using NTLM_Theft to create a bunch of files that would attempt to steal NTLM Hashes of users when browsing to a directory getting ’s creds with
26:18 - can write to Web, dropping a reverse shell
29:30 - Reverse shell r
2 months ago 00:08:07 1
2 months ago 00:03:31 1
2 months ago 00:05:39 1
2 months ago 00:17:21 1
2 months ago 00:03:30 1
2 months ago 00:00:57 1
![well-being [gta in desc]](https://sun9-36.userapi.com/jpOc6zaTXQhDgjyyLueDfMZ8q7thZqt0W-zCRQ/x2cAqM06Mqg.jpg)
2 months ago 00:00:21 1
2 months ago 00:00:39 1
2 months ago 00:03:17 1
2 months ago 00:04:50 1
2 months ago 00:18:19 1
2 months ago 01:08:08 1
2 months ago 00:00:00 1
2 months ago 01:43:30 1
2 months ago 00:29:34 1
2 months ago 00:08:32 1
2 months ago 00:00:39 1
2 months ago 00:00:29 2
2 months ago 00:01:30 1
2 months ago 00:00:14 1
2 months ago 00:12:21 1
2 months ago 00:00:49 1
2 months ago 00:08:01 1
2 months ago 00:05:42 1
![Monopoly Go Hack - UPDATED Way To Get Monopoly Go Free Dice Rolls [iOS & Android]](https://sun9-49.userapi.com/VOMlBAjC5CqP-jsCzbVijCieN0jnOFTDm49VKA/n1D1rncXMSc.jpg)