One post tagged with "Remote File Inclusion"

Remote File Inclusion (RFI) is a web application vulnerability that allows an attacker to inject and execute arbitrary code from a remote location on the victim's server. This occurs when a vulnerable script includes or executes a file based on user input, without proper validation or sanitization, allowing attackers to upload malicious files or execute commands remotely.

HTB | Responder | Write-Up

· 14 min read

Summary:

This walkthrough outlines the attack vector used to gain system access on the Responder machine on Hack The Box, where an attacker would exploit the NetBIOS vulnerability to capture NTLMv2 hashes, which are then cracked using John the Ripper to obtain valid credentials. These credentials can ultimately be leveraged to gain access to the root flag on the target machine.

Machine Name: Responder | Difficulty: Easy | OS: Windows