```
nmap -sC -sV -p- 10.129.232.188
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 9.6p1 Ubuntu 3ubuntu13.15 (Ubuntu Linux; protocol 2.0)
80/tcp open  http    nginx 1.24.0 (Ubuntu)
|_http-title: Did not follow redirect to http://silentium.htb/
|_http-server-header: nginx/1.24.0 (Ubuntu)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
```

Key observations:

- Port 80 redirects to `http://silentium.htb/`
- Only two ports open: SSH and HTTP via nginx

```
echo "10.129.232.188 silentium.htb staging.silentium.htb" | sudo tee -a /etc/hosts
```
```
gobuster vhost -u "http://silentium.htb" -w bitquark-subdomains-top100000.txt --append-domain
staging.silentium.htb Status: 200 [Size: 3142]
```
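
Seen from the server, a vhost sweep like the gobuster run above shows up as one client requesting many Host values that nginx does not serve. The following is an added example, not part of the original writeup, that flags that pattern in access logs. It assumes a custom nginx `log_format` that records `$host` first; the log lines, client IPs and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed nginx access-log format (not taken from the page):
#   log_format vhost '$host $remote_addr [$time_local] "$request" $status $body_bytes_sent';
LINE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \[[^\]]+\] "[^"]*" (?P<status>\d{3}) (?P<size>\d+)$')

KNOWN_VHOSTS = {"silentium.htb", "staging.silentium.htb"}  # the two names on the page
THRESHOLD = 5  # distinct unserved Host values per client before flagging (illustrative)


def parse(lines):
    """Yield (host, ip) for each line that matches the assumed format."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield m["host"].lower().rstrip("."), m["ip"]


def find_vhost_sweeps(lines, known=KNOWN_VHOSTS, threshold=THRESHOLD):
    """Return {client_ip: sorted unserved hosts} for clients guessing many vhosts."""
    guesses = defaultdict(set)
    for host, ip in parse(lines):
        if host not in known:
            guesses[ip].add(host)
    return {ip: sorted(h) for ip, h in guesses.items() if len(h) >= threshold}


def vhosts_reached(lines, flagged_ips, known=KNOWN_VHOSTS):
    """Configured vhosts that a flagged client also requested."""
    reached = defaultdict(set)
    for host, ip in parse(lines):
        if ip in flagged_ips and host in known:
            reached[ip].add(host)
    return {ip: sorted(h) for ip, h in reached.items()}


# Constructed sample: one client walking a wordlist, one ordinary visitor.
TS = "[01/Jan/2025:10:00:00 +0000]"
SAMPLE = [f'{w}.silentium.htb 203.0.113.5 {TS} "GET / HTTP/1.1" 302 154'
          for w in ("www", "mail", "dev", "api", "admin", "test")]
SAMPLE += [
    f'staging.silentium.htb 203.0.113.5 {TS} "GET / HTTP/1.1" 200 3142',
    f'silentium.htb 198.51.100.20 {TS} "GET / HTTP/1.1" 200 8753',
]

if __name__ == "__main__":
    sweeps = find_vhost_sweeps(SAMPLE)
    print(sweeps)
    print(vhosts_reached(SAMPLE, sweeps))
```

Nginx's default `combined` format does not log the requested host, so without a format like the assumed one this sweep is indistinguishable from repeated requests to a single site.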
| Subdomain | Service | Version |
|---|---|---|
| silentium.htb | Corporate website | Static (Tailwind CSS) |
| staging.silentium.htb | Flowise AI | v3.0.5 |
| Port | Service | Notes |
|---|---|---|
| 22 | SSH | OpenSSH 9.6p1 |
| 80 | nginx | Hosts main site and proxies to Flowise on staging subdomain |
The main site at silentium.htb is a corporate finance website for “Silentium International Asset Management”. The team page reveals an employee named Ben — Head of Financial Systems.
The staging subdomain hosts a Flowise AI instance (v3.0.5) — an open-source platform for building LLM pipelines. Flowise exposes a REST API under /api/v1/, including account endpoints that don’t require authentication.
Contact me on Discord or LinkedIn for the password.
HackTheBox policy restricts publishing walkthroughs for active-season machines. This writeup is password-protected to respect that policy while keeping the content available to those who already have access.