Interpreter

Box info | OS: Linux (Debian 12) | Difficulty: Medium | Status: Retired | Skills: Java XStream deserialization analysis, source code review, Python f-string double-eval injection, SUID bash escalation, base64 filter …

May 1, 2026 · 11 min · crAIzy

WingData

Box info | OS: Linux (Debian 12) | Difficulty: Easy | Status: Retired | Skills: Wing FTP Server Lua session injection, SHA-256 salt hash cracking, Python tarfile symlink/hardlink path traversal, VPN MTU troubleshooting …

May 1, 2026 · 9 min · crAIzy

Silentium

Box info | OS: Linux (Ubuntu 24.04, kernel 6.8.0-107-generic) | Difficulty: Easy | Status: Retired | Skills: Flowise API authentication bypass, JavaScript IIFE injection, OCR CAPTCHA solving, Gogs symlink privilege …

May 1, 2026 · 9 min · crAIzy

HTB STARTING POINT · Tier 2

Oopsie

IDOR in a cookie flips guest to super-admin; a SUID binary calls cat through system(), resolved via $PATH — two rookie mistakes that cascade to root.…

April 29, 2026 · 5 min · crAIzy
IDOR · SUID Privesc

HTB STARTING POINT · Tier 1

Tactics

Administrator with an empty password on a Windows box — SMB signing disabled, psexec drops SYSTEM in 15 minutes flat. The most honest failure mode in Active Directory.…

April 29, 2026 · 5 min · crAIzy
SMB Null Session

HTB STARTING POINT · Tier 1

Ignition

Virtual host discovery finds the Magento admin panel on a non-default hostname; qwerty123 completes the chain — two recon steps, one flag.…

April 28, 2026 · 5 min · crAIzy
Magento CVE · Directory Busting

HTB STARTING POINT · Tier 1

Funnel

Anonymous FTP leaks credentials; SSH login reveals a PostgreSQL container reachable via local port forwarding — the flag is a database row.…

April 28, 2026 · 6 min · crAIzy
FTP Anonymous · PostgreSQL Tunnel

HTB STARTING POINT · Tier 1

Responder

PHP LFI forces the server to issue a NetNTLMv2 request to a rogue Responder listener; the captured hash cracks to Administrator in seconds.…

April 28, 2026 · 6 min · crAIzy
LFI + Responder

HTB STARTING POINT · Tier 1

Kobold

An SVG with embedded JavaScript is uploaded to a ticketing system. When the admin previews the attachment, XSS fires in their browser and exfiltrates the session cookie. Cookie replay gives admin access and SSH credentials.…

April 28, 2026 · 3 min · crAIzy
Stored XSS · Session Hijack