Responder – Hack The Box // Walkthrough & Solution // Kali Linux

Responder is a free box available at the entry level of HackTheBox. Using Kali Linux, we introduce users to NTLM, enhancing their understanding of Local File Inclusion (LFI).

NTLM, or Windows New Technology LAN Manager, is a set of security protocols developed by Microsoft. It authenticates user identities and safeguards the privacy and integrity of their activities. Fundamentally, NTLM functions as a single sign-on mechanism, using a challenge-response protocol to verify users without requiring password input.

LFI, or Local File Inclusion, is a vulnerability that enables an attacker to include files by exploiting dynamic file inclusion mechanisms in a target application. This vulnerability arises when user inputs are used without adequate validation. Consequences range from displaying file contents to more severe outcomes like:

  • Executing code on the web server
  • Executing client-side code, such as JavaScript, potentially leading to other attacks like cross-site scripting (XSS)
  • Causing a Denial of Service (DoS)
  • Disclosing sensitive information

LFI involves including files already on the server by exploiting vulnerable inclusion processes in the application. This happens, for instance, when a script receives a path to an included file as input, which is not properly sanitized, thus allowing for the injection of directory traversal characters like dot-dot-slash. Although often associated with PHP scripts, LFI is also prevalent in other technologies including JSP, ASP, and more.