1. Meow
# Telnet
# Weak Credentials
- Utilized Tools: nmap, telnet

2. Fawn
# FTP
# Anonymous/Guest Access
- Utilized Tools: nmap, ftp

3. Dancing
# SMB
# Anonymous/Guest Access
- Utilized Tools: nmap, smbclient

4. Redeemer
# Redis
# Vulnerability Assessment
# Anonymous/Guest Access
- Utilized Tools: nmap, redis-cli

5. Explosion
# RDP
# Weak Credentials
- Utilized Tools: nmap, xfreerdp

6. Preignition
# Apache
# Web Site Structure Discovery
# Default Credentials
- Utilized Tools: nmap, gobuster

7. Mongod
# MongoDB
# Misconfiguration
# Anonymous/Guest Access
- Utilized Tools: nmap, mongosh

8. Synced
# Rsync
# Anonymous/Guest Access
-Utilized Tools: nmap, rsync

9. Appointment
# Apache
# PHP
# SQL Injection
- Utilized Tools: nmap, gobuster

10. Sequel
# Vulnerability Assessment
# MySQL
# Weak Credentials
# Reconnaissance
- Utilized Tools: nmap, mysql

11. Crocodile
# Apache
# FTP
# Reconnaissance
# Web Site Structure Discovery
# Clear Text Credentials
# Anonymous/Guest Access
- Utilized Tools: nmap, ftp

12. Responder
# WinRM
# SMB
# Responder
# Password Cracking
# Hash Capture
# Remote File Inclusion
# Remote Code Execution
- Utilized Tools: nmap, responder, john, evil-winrm

13. Three
# Cloud
# AWS
# Web Site Structure Discovery
# Bucket Enumeration
# Arbitrary File Upload
# Anonymous/Guest Access
- Utilized Tools: nmap, gobuster, aws, ncat, python3

14. Ignition
# Web Site Structure Discovery
# Weak Credentials
- Utilized Tools: nmap, curl, gobuster

15. Pennyworth
# Remote Code Execution
# Default Credentials
- Utilized Tools: nmap, ncat

16. Tactics
# SMB
# Misconfiguration
# Reconnaissance
- Utilized Tools: nmap, smbclient, impacket-psexec.py

17. Archetype
# MSSQL
# SMB
# Powershell
# Remote Code Execution
# Clear Text Credentials
# Information Disclosure
# Anonymous/Guest Access
- Utilized Tools: nmap, smbclient, impacket-mssqlclient.py, python3, ncat, winPEAS, impacket-psexec.py

18. Oopsie
# PHP
# Apache
# Web Site Structure Discovery
# Cookie Manipulation
# SUID Exploitation
# Authentication bypass
# Arbitrary File Upload
# IDOR (Insecure Direct Object Reference)
- Utilized Tools: nmap, Burp suite, gobuster, ncat

19. Included
# RDP
# Weak Credentials
- Utilized Tools: nmap, curl, tftp, lxc

20. Cap
# Fuzzing
# IDOR (Insecure Direct Object Reference)
# Packet Capture
# PoC
- Utilized Tools: nmap, wireshark, LinPEAS, zeek
- Notes: https://goldstaryeon.tistory.com/510
[HTB machine] Cap
- Concpets1. Security snapshot - Quick or comprehensive analysis of a system's security posture at a given point in time. It's commonley used in web vulnerability tools (e.g., OWASP ZAP, Burp suite, Nessus) or integrated security dashboards.2. Fuzzing - Se
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/351
Owned Cap from Hack The Box!
I have just owned machine Cap from Hack The Box
labs.hackthebox.com
21. Bashed
# DNS
# Cron
- Utilized Tools: CherryTree, nmap, LinEnum.sh, crontab
- Notes: https://goldstaryeon.tistory.com/513
[HTB machine] bashed
- Concepts1. CherryTree: A note-taking application used for organizing, storing, and managing hierarchical notes effectively. 2. Hostname vs domain name - Hostname: Identifies a specific device within a network (e.g., www, mail, ftp, etc.) - Domai
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/118
Owned Bashed from Hack The Box!
I have just owned machine Bashed from Hack The Box
labs.hackthebox.com
22. Nibbles
# Metasploit
# Password cracking
- Utilized Tools: Burp suite, searchsploit, metasploit, hydra
- Notes: https://goldstaryeon.tistory.com/515
[HTB machine] Nibbles
- Concepts1. Burp Suite: Tool for web application security testing. - Intercepting Proxy: Acts as a web proxy that allows you to intercept and modify HTTP/S traffic between your browser and the server. - Spider (Crawler): Automates the process of mapping a
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/121
Owned Nibbles from Hack The Box!
I have just owned machine Nibbles from Hack The Box
labs.hackthebox.com
23. Sense
# CSRF (Cross-Site Request Forgery)
- Utilized Tools: nmap, ssh, metasploit
- Notes: https://goldstaryeon.tistory.com/516
[HTB machine] Sense
- This machine is very simillar to reality- We can learn how to distinguish between crashing the system and being banned. This is crucial in real-world penetration testing scenarios. - Concepts1. nibble: A unit of digital information that consists of 4 bi
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/111
Owned Sense from Hack The Box!
I have just owned machine Sense from Hack The Box
labs.hackthebox.com
24. Valentine
# Heartbleed Bug
- Utilized Tools: nmap, sslyze, ssh
- Notes: https://goldstaryeon.tistory.com/518
[HTB machine] Valentine
- Concepts1. CCS injection (Change Cipher Spec Injection): Vulnerability that affects the TLS/SSL handshake process, specifically in implementations like OpenSSL. It allows an attacker to inject a crafted ChangeCipherSpec (CSS) message at an unexpected poi
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/127
Owned Valentine from Hack The Box!
I have just owned machine Valentine from Hack The Box
labs.hackthebox.com
25. Poison
# LFI (Local File Inclusion)
- Utilized Tools: nmap, Burp suite, xxd
- Notes: https://goldstaryeon.tistory.com/526
[HTB machine] Poison
- Concepts1. Bootstrap: Opensource frontend framework developed by Twitter2. LFI: Local File Inclusion3. index.php: Typically serves as the entry point or default page of a website4. https://github.com/swisskyrepo/PayloadsAllTheThings GitHub - swisskyre
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/132
Owned Poison from Hack The Box!
I have just owned machine Poison from Hack The Box
labs.hackthebox.com
26. Sunday
# NFS
# Finger
- Utilized Tools: nmap, john, ncat
- Notes: https://goldstaryeon.tistory.com/529
[HTB machine] Sunday
- Concepts1. RPC (Remote Procedure Call): Protocol that enables a program to execute a procedure on a remote system as if it were a local function.2. rpcbind: Critical component in the RPC system. It translates RPC program nums into network addresses where
goldstaryeon.tistory.com
- Writeup: https://goldstaryeon.tistory.com/530
[HTB machine] Sunday Writeup
1. EnumerationBegin by scanning the target for open ports using nmap.This initial scan is really time-consuming, so optimize it with the following flags: -T5: Sets the highest timing template for faster execution. -sS: Initiates a s stealthy SYN sc
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/136
Owned Sunday from Hack The Box!
I have just owned machine Sunday from Hack The Box
labs.hackthebox.com
1. Meow
# Telnet
# Weak Credentials
- Utilized Tools: nmap, telnet

2. Fawn
# FTP
# Anonymous/Guest Access
- Utilized Tools: nmap, ftp

3. Dancing
# SMB
# Anonymous/Guest Access
- Utilized Tools: nmap, smbclient

4. Redeemer
# Redis
# Vulnerability Assessment
# Anonymous/Guest Access
- Utilized Tools: nmap, redis-cli

5. Explosion
# RDP
# Weak Credentials
- Utilized Tools: nmap, xfreerdp

6. Preignition
# Apache
# Web Site Structure Discovery
# Default Credentials
- Utilized Tools: nmap, gobuster

7. Mongod
# MongoDB
# Misconfiguration
# Anonymous/Guest Access
- Utilized Tools: nmap, mongosh

8. Synced
# Rsync
# Anonymous/Guest Access
-Utilized Tools: nmap, rsync

9. Appointment
# Apache
# PHP
# SQL Injection
- Utilized Tools: nmap, gobuster

10. Sequel
# Vulnerability Assessment
# MySQL
# Weak Credentials
# Reconnaissance
- Utilized Tools: nmap, mysql

11. Crocodile
# Apache
# FTP
# Reconnaissance
# Web Site Structure Discovery
# Clear Text Credentials
# Anonymous/Guest Access
- Utilized Tools: nmap, ftp

12. Responder
# WinRM
# SMB
# Responder
# Password Cracking
# Hash Capture
# Remote File Inclusion
# Remote Code Execution
- Utilized Tools: nmap, responder, john, evil-winrm

13. Three
# Cloud
# AWS
# Web Site Structure Discovery
# Bucket Enumeration
# Arbitrary File Upload
# Anonymous/Guest Access
- Utilized Tools: nmap, gobuster, aws, ncat, python3

14. Ignition
# Web Site Structure Discovery
# Weak Credentials
- Utilized Tools: nmap, curl, gobuster

15. Pennyworth
# Remote Code Execution
# Default Credentials
- Utilized Tools: nmap, ncat

16. Tactics
# SMB
# Misconfiguration
# Reconnaissance
- Utilized Tools: nmap, smbclient, impacket-psexec.py

17. Archetype
# MSSQL
# SMB
# Powershell
# Remote Code Execution
# Clear Text Credentials
# Information Disclosure
# Anonymous/Guest Access
- Utilized Tools: nmap, smbclient, impacket-mssqlclient.py, python3, ncat, winPEAS, impacket-psexec.py

18. Oopsie
# PHP
# Apache
# Web Site Structure Discovery
# Cookie Manipulation
# SUID Exploitation
# Authentication bypass
# Arbitrary File Upload
# IDOR (Insecure Direct Object Reference)
- Utilized Tools: nmap, Burp suite, gobuster, ncat

19. Included
# RDP
# Weak Credentials
- Utilized Tools: nmap, curl, tftp, lxc

20. Cap
# Fuzzing
# IDOR (Insecure Direct Object Reference)
# Packet Capture
# PoC
- Utilized Tools: nmap, wireshark, LinPEAS, zeek
- Notes: https://goldstaryeon.tistory.com/510
[HTB machine] Cap
- Concpets1. Security snapshot - Quick or comprehensive analysis of a system's security posture at a given point in time. It's commonley used in web vulnerability tools (e.g., OWASP ZAP, Burp suite, Nessus) or integrated security dashboards.2. Fuzzing - Se
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/351
Owned Cap from Hack The Box!
I have just owned machine Cap from Hack The Box
labs.hackthebox.com
21. Bashed
# DNS
# Cron
- Utilized Tools: CherryTree, nmap, LinEnum.sh, crontab
- Notes: https://goldstaryeon.tistory.com/513
[HTB machine] bashed
- Concepts1. CherryTree: A note-taking application used for organizing, storing, and managing hierarchical notes effectively. 2. Hostname vs domain name - Hostname: Identifies a specific device within a network (e.g., www, mail, ftp, etc.) - Domai
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/118
Owned Bashed from Hack The Box!
I have just owned machine Bashed from Hack The Box
labs.hackthebox.com
22. Nibbles
# Metasploit
# Password cracking
- Utilized Tools: Burp suite, searchsploit, metasploit, hydra
- Notes: https://goldstaryeon.tistory.com/515
[HTB machine] Nibbles
- Concepts1. Burp Suite: Tool for web application security testing. - Intercepting Proxy: Acts as a web proxy that allows you to intercept and modify HTTP/S traffic between your browser and the server. - Spider (Crawler): Automates the process of mapping a
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/121
Owned Nibbles from Hack The Box!
I have just owned machine Nibbles from Hack The Box
labs.hackthebox.com
23. Sense
# CSRF (Cross-Site Request Forgery)
- Utilized Tools: nmap, ssh, metasploit
- Notes: https://goldstaryeon.tistory.com/516
[HTB machine] Sense
- This machine is very simillar to reality- We can learn how to distinguish between crashing the system and being banned. This is crucial in real-world penetration testing scenarios. - Concepts1. nibble: A unit of digital information that consists of 4 bi
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/111
Owned Sense from Hack The Box!
I have just owned machine Sense from Hack The Box
labs.hackthebox.com
24. Valentine
# Heartbleed Bug
- Utilized Tools: nmap, sslyze, ssh
- Notes: https://goldstaryeon.tistory.com/518
[HTB machine] Valentine
- Concepts1. CCS injection (Change Cipher Spec Injection): Vulnerability that affects the TLS/SSL handshake process, specifically in implementations like OpenSSL. It allows an attacker to inject a crafted ChangeCipherSpec (CSS) message at an unexpected poi
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/127
Owned Valentine from Hack The Box!
I have just owned machine Valentine from Hack The Box
labs.hackthebox.com
25. Poison
# LFI (Local File Inclusion)
- Utilized Tools: nmap, Burp suite, xxd
- Notes: https://goldstaryeon.tistory.com/526
[HTB machine] Poison
- Concepts1. Bootstrap: Opensource frontend framework developed by Twitter2. LFI: Local File Inclusion3. index.php: Typically serves as the entry point or default page of a website4. https://github.com/swisskyrepo/PayloadsAllTheThings GitHub - swisskyre
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/132
Owned Poison from Hack The Box!
I have just owned machine Poison from Hack The Box
labs.hackthebox.com
26. Sunday
# NFS
# Finger
- Utilized Tools: nmap, john, ncat
- Notes: https://goldstaryeon.tistory.com/529
[HTB machine] Sunday
- Concepts1. RPC (Remote Procedure Call): Protocol that enables a program to execute a procedure on a remote system as if it were a local function.2. rpcbind: Critical component in the RPC system. It translates RPC program nums into network addresses where
goldstaryeon.tistory.com
- Writeup: https://goldstaryeon.tistory.com/530
[HTB machine] Sunday Writeup
1. EnumerationBegin by scanning the target for open ports using nmap.This initial scan is really time-consuming, so optimize it with the following flags: -T5: Sets the highest timing template for faster execution. -sS: Initiates a s stealthy SYN sc
goldstaryeon.tistory.com

https://www.hackthebox.com/achievement/machine/2126633/136
Owned Sunday from Hack The Box!
I have just owned machine Sunday from Hack The Box
labs.hackthebox.com