https://joaobonin.com/tags/rfi/ Recent content in Rfi on João Vítor Moutinho Bonin Hugo en Thu, 04 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-flight/ Thu, 04 Jun 2026 00:00:00 +0000 https://joaobonin.com/posts/htb-flight/ Flight is a Hard Windows Active Directory box from HackTheBox. An LFI on a PHP school subdomain escalates to NTLM hash capture via UNC path. Crack svc_apache's hash, password spray to S.Moon, use ntlm_theft via the Shared share to coerce C.Bum's hash, pivot through a PHP webshell to meterpreter, RunasCs to C.Bum, discover an internal IIS dev site, upload an ASPX webshell, and escalate to SYSTEM via SeImpersonatePrivilege and EfsPotato.