Tag: lfi

All the articles with the tag "lfi".

• HTB Responder — LFI to NTLM Hash Capture

  10 May, 2026

  HackTheBox Responder exploits an LFI vulnerability to force the Windows server to authenticate to a rogue SMB server, capturing and cracking the administrator's NetNTLMv2 hash. The same pattern — user-controlled input redirecting an authenticated outbound connection — shows up in LLM agents leaking API tokens via prompt injection.