Unika HTB Walkthrough: LFI and NTLM Hash Capture

This walkthrough provides a step-by-step guide to exploiting the Unika HTB machine. The first step involves accessing the machine's website and discovering a hidden page that reveals some configuration information. Further analysis of the website's source code reveals two links to French and German pages, which can be used to perform Local File Inclusion (LFI) attacks. By using the discovered configuration information, we can successfully include a remote file and capture an NTLM hash. We then use the Responder tool to capture the NTLM hash and crack it using a rockyou password list. Finally, we use the Evil-WinRM tool to access the machine and retrieve the flag.

Unika HTB Walkthrough: LFI and NTLM Hash Capture

Fugitives Break Out of Detention Center, Police Launch Manhunt

That's all.