Tier 0

HTB STARTING POINT · Tier 0

Synced

Anonymous rsync on port 873 delivers flag.txt with zero credentials; the real lesson is scanning beyond the top-1000 TCP ports.…

April 27, 2026 · 5 min · crAIzy
Rsync

HTB STARTING POINT · Tier 0

Preignition

Directory fuzzing surfaces a hidden admin.php that default credentials unlock; demonstrates why wordlist-based discovery precedes credential guessing.…

April 27, 2026 · 6 min · crAIzy
Directory Busting

HTB STARTING POINT · Tier 0

Explosion

RDP and WinRM both accept a blank Administrator password — attack surface is two services wide when credential assumptions fail at the front door.…

April 27, 2026 · 5 min · crAIzy
RDP

HTB STARTING POINT · Tier 0

Mongod

MongoDB 3.6.8 without bind authentication exposes a sensitive_information database; the real lesson is why auth-on-by-default matters.…

April 27, 2026 · 5 min · crAIzy
MongoDB No-Auth

HTB STARTING POINT · Tier 0

Redeemer

Unauthenticated Redis on port 6379 leaks a flag key directly; includes a bonus RCE path via rogue-server module load for the curious.…

April 27, 2026 · 6 min · crAIzy
Redis

HTB STARTING POINT · Tier 0

Fawn

Anonymous FTP on vsftpd 3.0.3 — the misconfiguration is intentional, the lesson is recognising anonymous bind and scripting retrieval.…

April 27, 2026 · 5 min · crAIzy
FTP Anonymous

HTB STARTING POINT · Tier 0

Dancing

SMB null session on Windows delivers a flag from an exposed WorkShares share; the takeaway is unauthenticated SMB enumeration without Metasploit.…

April 27, 2026 · 6 min · crAIzy
SMB Null Session

HTB STARTING POINT · Tier 0

Meow

Telnet with empty root password, and the RFC-854 quirk that explains why netcat falls silent where telnetlib succeeds.…

April 26, 2026 · 7 min · crAIzy
Telnet