// All writeups

Writeups

Hack The Box machine walkthroughs. Recon, exploitation, privilege escalation.

Category
Difficulty
25 writeups
HTB Season 10
WEB MEDIUM
WingData
**Key Finding:** Running inside a Wing FTP Server installation on the actual host (not Docker).
HTB Season 10 Apr 23, 2026
WEB MEDIUM
VariaType
Browsing to `http://variatype.htb` shows **VariaType Labs** โ€” a professional variable font generation service. The `/services` page menti...
HTB Season 10 Apr 23, 2026
WEB EASY
Silentium
Key observations: - Port 80 redirects to `http://silentium.htb/` - Only two ports open โ€” SSH and HTTP via nginx
HTB Season 10 Apr 23, 2026
WEB MEDIUM
Pterodactyl
Browsing to `http://panel.pterodactyl.htb` reveals a **Pterodactyl Panel** instance (game server management), version prior to v1.11.11.
HTB Season 10 Apr 23, 2026
MISC HARD
Pirate
Pirate โ€” HackTheBox HARD writeup. Full exploitation details password-protected.
HTB Season 10 Apr 23, 2026
WEB HARD
Logging
The presence of ports **8530/8531** (WSUS) on a domain controller is the biggest signal โ€” WSUS over TLS (8531) combined with ADCS usually...
HTB Season 10 Apr 23, 2026
WEB EASY
Kobold
Key observations: - Port 80/443 redirects to `https://kobold.htb/` - Port 3552 runs **Arcane** โ€” a self-hosted Docker and Compose managem...
HTB Season 10 Apr 23, 2026
WEB MEDIUM
Interpreter
Browsing to `https://interpreter.htb` reveals a **Mirth Connect** instance.
HTB Season 10 Apr 23, 2026
MISC HARD
Garfield
Garfield โ€” HackTheBox HARD writeup. Full exploitation details password-protected.
HTB Season 10 Apr 23, 2026
WEB EASY
Facts
Browsed to `http://facts.htb` - normal homepage with no obvious vulnerabilities on the main page.
HTB Season 10 Apr 23, 2026
WEB MEDIUM
DevArea
Key observations: - Port 21 has **anonymous FTP** with a `pub` directory - Port 80 redirects to `http://devarea.htb/` โ€” a developer hirin...
HTB Season 10 Apr 23, 2026
WEB MEDIUM
CCTV
Browsing to `http://cctv.htb/zm/` reveals **ZoneMinder v1.37.63** login panel. Default credentials `admin:admin` grant access.
HTB Season 10 Apr 23, 2026
HTB Season 8
WEB MEDIUM
Voleur
Downloaded `Access_Review.xlsx` from `IT/First-Line Support`:
HTB Season 8 Apr 23, 2026
WEB MEDIUM
Sweep
Configured a scan target using our VPN IP, SSH on port 2022, and linked all credentials under **Map Credential**.
HTB Season 8 Apr 23, 2026
WEB HARD
Sorcery
Connected to the internal FTP service and retrieved CA material:
HTB Season 8 Apr 23, 2026
WEB MEDIUM
Sendai
nxc ldap DC.sendai.vl -u 'Thomas.Powell' -p 'pa$$w0rd' --gmsa ```
HTB Season 8 Apr 23, 2026
WEB HARD
RustyKey
"""Perform a simple dictionary attack against the output of timeroast.py. Necessary because the NTP 'hash' format unfortunately does not ...
HTB Season 8 Apr 23, 2026
WEB EASY
Outbound
encrypted_password = "L7Rv00A8TuwJAr67kITxxcSgnIk25Am/" des_key = b'rcmail-!24ByteDESkey*Str'
HTB Season 8 Apr 23, 2026
WEB HARD
Mirage
PDF reports revealed the hostname `nats-svc.mirage.htb` and the need to spoof DNS for a NATS service on port 4222.
HTB Season 8 Apr 23, 2026
WEB EASY
Lock
Server identified as ASP.NET. No obvious content on the main site.
HTB Season 8 Apr 23, 2026
WEB HARD
Guardian
Portal login required a student ID in format `GU`.
HTB Season 8 Apr 23, 2026
WEB MEDIUM
Era
ID `54` returned a different response and revealed `site-backup-30-08-24.zip`.
HTB Season 8 Apr 23, 2026
WEB EASY
Eighteen
Registered and logged into the site, but there was no immediate access path. SQL injection attempts failed.
HTB Season 8 Apr 23, 2026
WEB HARD
DarkZero
Only default shares were present. SMB and BloodHound enumeration did not provide useful results.
HTB Season 8 Apr 23, 2026
HTB Fortress
WEB EASY
Faraday
Registered on the web application and logged in with the new user.
HTB Fortress Apr 23, 2026
No writeups match the current filters.