How to hack "smasher2" on hackthebox.eu Introduction This was a frustrating and interesting challenge, there were parts of it that I really enjoyed and found very useful, and then there were brute force obstacles which I generally don't like but are unfortunately a requirement in a number of situations. Disclaimer: The following activities were conducted in a lab environment with permission from the server owners. These techniques should not be used for any illegal activity under any circumstances. What's covered in this article This is a technical write-up describing how I approached attacking 'smasher2' on hackthebox.eu. The article probably won't contain all the attack vectors and may differ from the official write-up (available on hackthebox.eu). In this article we will cover; Brute forcing a web directory HTTP Basic Authentication Bypass DNS Enumeration to find hidden subdomains Code analysis of a Python Flask application Writing a proof of concept exploit Reverse....