Non-comp person here; is there a record for longest period of time a DDOS attack occurred on a website? Would it be possible to forcibly keep a site offline for an extended length of time with a continuous DDOS attack?

Hi, I need your help to learn pentesting.

I'm programming for several years. I'm really good in C# and can write moderately complex apps in Dart, Python and JavaScript. I'm in highschool and work for software development company as backend developer. But general programming starts to feel so boring...

I've started to watch LiveOverflow on youtube (no link, there is no wifi here and I don't want youtube to drain my data) and it was so interesting - so I tried it. I've tried few CTFs, read many writeups, and now I've discovered CTF hack the box.

When I know what to do, I have no problem googling and researching and later applying my knowledge. But I often discover, that I just don't know what I don't know.

There is one CTF challenge that I haven't completed yet. It's 20 line html page, no javascript, nothing suspicous. No cookies. It has just form with password input, which sends post request to server. Here's the problem - how do I get the flag (the password)? I can bruteforce it, but it clearly isn't the correct way. I know that the php runs on apache, debian. I've tried getting some files, I've tried going up (../), sql injection, nothing works.

And here's the general problem - what am I missing? What to learn? What should I google? I don't want ideas what I'm missing on this one example - Instead I need some sources where I learn generally about vulnerabilities I can exploit. Some blog, some website, something like this.

Could someone here recommend me some sources where I learn about this? How did you start and what things do you generally check when you face something you have to break into?

Thank you