The Starting Point series covers Hack The Box’s free Tier 0–2 machines with explicit methodology, dead-end documentation, and an AI-assist log on every writeup. Use it as a calibration baseline for higher-difficulty writeups in this blog.
Every box in this series gets full coverage: every command, every failed approach, every lesson extracted — including exactly where Claude helped and where it didn’t.
HTB STARTING POINT · Tier 2
IDOR in a cookie flips guest to super-admin; a SUID binary uses system() to call cat via $PATH — two rookie mistakes that cascade to root.…
HTB STARTING POINT · Tier 1
Administrator with an empty password on a Windows box — SMB signing disabled, psexec drops SYSTEM in 15 minutes flat. The most honest failure mode in Active Directory.…
HTB STARTING POINT · Tier 1
Virtual host discovery finds the Magento admin panel on a non-default hostname; qwerty123 completes the chain — two recon steps, one flag.…
HTB STARTING POINT · Tier 1
Anonymous FTP leaks credentials; SSH login reveals a PostgreSQL container reachable via local port forwarding — the flag is a database row.…
HTB STARTING POINT · Tier 1
PHP LFI forces the server to issue a NetNTLMv2 request to a rogue Responder listener; the captured hash cracks to Administrator in seconds.…
HTB STARTING POINT · Tier 1
An SVG with embedded JavaScript is uploaded to a ticketing system. When the admin previews the attachment, XSS fires in their browser and exfiltrates the session cookie. Cookie replay gives admin access and SSH credentials.…
HTB STARTING POINT · Tier 1
Anonymous FTP drops a credentials file; those credentials unlock an HTTP admin panel — two individually boring findings combine into a full chain.…
HTB STARTING POINT · Tier 1
MariaDB root with no password on port 3306 — from initial banner grab to database enumeration to flag extraction, no exploit required.…
HTB STARTING POINT · Tier 1
SQL injection in a login form — `' OR '1'='1` as username turns authentication into a formality and exposes the flag in one request.…