HTB Starting Point — Dancing
SMB null session on Windows delivers a flag from an exposed WorkShares share; the takeaway is unauthenticated SMB enumeration without …
HTB Starting Point — Unified
Log4Shell in UniFi Network Application 6.4.54 — JNDI in the remember field hands over shell as root. MongoDB's default no-auth exposes admin …
HTB Starting Point — Archetype
Anonymous SMB exposes a config file with SA credentials. MSSQL xp_cmdshell goes active, winPEAS finds a PowerShell history file with admin …
HTB — PingPong
Two-domain AD forest under Assumed Breach. NTLM disabled globally. TCP port 88 asymmetrically filtered — a custom impacket monkey-patch …
HTB Starting Point — Meow
Telnet with empty root password, and the RFC-854 quirk that explains why netcat falls silent where telnetlib succeeds.