AI Space
AI Space is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out moreJennofrie Daguil / Profex0r Blog
Red team research, HackTheBox walkthroughs, and AI-assisted security notes.
A public-safe archive of sanitized machine and challenge research, written by Jennofrie Daguil and organized with attack-path graphs, evidence coverage, and reusable operator lessons.
AI-ML
AI Space
Challenge / 2024-01-06
AI-ML
Like A Glove
Challenge / 2024-01-09
AI-ML
Lost In Hyperspace
Challenge / 2024-01-11
Corpus breakdown
Coverage at a glance
219Total writeups
57Machines
162Challenges
Category distribution
Where the research effort sits
Type split
Machines versus challenges
26%Machines
74%Challenges
57machine writeups
162challenge writeups
Latest insights
Research notes and walkthroughs
Like A Glove
Like A Glove is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Lost In Hyperspace
Lost In Hyperspace is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Prometheon
Prometheon is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Distract And Destroy
Distract And Destroy is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
False Bidding
False Bidding is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Honor Among Thieves
Honor Among Thieves is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Locked And Loaded
Locked And Loaded is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Magic Vault
Magic Vault is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Portal Noncense
Portal Noncense is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Survival Of The Fittest
Survival Of The Fittest is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Token To Wonderland
Token To Wonderland is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Primed For Action
Primed For Action is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
SpookyPass
Single ELF 64-bit binary (pass), not stripped, dynamically linked. 1. strings reveals a hardcoded comparison string; the challenge-specific value is redacted from state docs. 2. Disassembly of main shows: - Prompts for password via
Find out more
Cred Hunter
Cred Hunter is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
PINSMITH
PINSMITH is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Pivot Easy
Pivot Easy is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Primed For Action
Primed For Action is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
AliEnS
AliEnS is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Baby Time Capsule
Baby Time Capsule is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
BabyEncryption
BabyEncryption is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Birds Of Randomness
Birds Of Randomness is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Broken Decryptor
Broken Decryptor is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Embryonic Plant
Embryonic Plant is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Infosekurus Query
Infosekurus Query is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Mysterybox
Mysterybox is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Neon Core
Neon Core is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Noncesense Encryption
Noncesense Encryption is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
POPO
POPO is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Protein Cookies
Protein Cookies is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Quantum Safe
Quantum Safe is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
ReMeeting The Wheel
ReMeeting The Wheel is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Rhome
Rhome is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
RSAisEasy
RSAisEasy is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Shambles
Shambles is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Shamirs Secret
Shamirs Secret is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Surprise Factor
Surprise Factor is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
The Last Dance
The Last Dance is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Twisted Entangelement
Twisted Entangelement is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
YALM
YALM is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Diagnostics
Diagnostics is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Emo
Emo is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Fishy Http
Fishy Http is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Obscure
Obscure is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
PersistencelsFutile
PersistencelsFutile is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Red Failure
Red Failure is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
RedTrails
RedTrails is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Suspicious Threat
Suspicious Threat is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
TrueSecrets
TrueSecrets is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
CubeMadness1
CubeMadness1 is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
CubeMadness2
CubeMadness2 is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
FlappyFlopper
FlappyFlopper is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
InfiniteDoge
InfiniteDoge is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
LightningFast
LightningFast is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
NoClip
NoClip is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
NoMap3d
NoMap3d is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
NoRadar
NoRadar is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Nostalgia
Nostalgia is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
SokobanHTB
SokobanHTB is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Bare Metal
Bare Metal is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Bounty Head
Bounty Head is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Debugging Interface
Debugging Interface is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Defusal
Defusal is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Espresso
Espresso is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Low Logic
Low Logic is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Mission PinPossible
Mission PinPossible is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Outrun
Outrun is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Plug And Pray
Plug And Pray is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Prison Escape
The challenge provides an Omega RF protocol document, a prison blueprint, and a live RF transmitter web UI. The solve path was to decode the downloaded .complex IQ captures, reconstruct the packet format, generate valid CRC-protected command packets, and...
Find out more
Project Power
Project Power is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
RFlag
RFlag is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Secret Treasures
Secret Treasures is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
TheNeedle
TheNeedle is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Trace
Trace is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Wander
Wander is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Xorxorxor
Xorxorxor is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Ether Tag
Ether Tag is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Factory
Factory is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Flow Override
Flow Override is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Steel Mountain
Steel Mountain is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Broken Shell
Broken Shell is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Lucky Dice
Lucky Dice is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Micro Storage
Micro Storage is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Noisy
Noisy is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Not Posixtive
Not Posixtive is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Pydome
Pydome is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Secure Server
Secure Server is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
ShinyHunter
ShinyHunter is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Thief
Thief is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Touch
Touch is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Utterly Broken Shell
Utterly Broken Shell is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
APKey
APKey is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Arno
Arno is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Cat
Cat is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Celestial Scribe
Celestial Scribe is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Cryptohorrific
Cryptohorrific is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Jigsaw
Jigsaw is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Protected
Protected is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Saw
Saw is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Follow The Money
Follow The Money is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
SocialMediaInvestigationHub
SocialMediaInvestigationHub is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
ThePuppetMaster
ThePuppetMaster is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
TheSuspiciousDomain
TheSuspiciousDomain is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
TheSuspiciousReviewer
Name: The Suspicious Reviewer - Category: OSINT - Difficulty: Very Easy The target is a static SocialConnect profile page for TechReviewer2024. The About tab hides contact details until Show Contact is selected, but the frontend bundle already contains the...
Find out more
WebVault TimeMachine Investigation
WebVault TimeMachine Investigation is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Arms Roped
Arms Roped is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Evil Copr
Evil Copr is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Execute
Execute is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Forks And Knives
Forks And Knives is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Funkynator
Funkynator is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
KHP Protocol
KHP Protocol is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Portaloo
Portaloo is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
R0bob1rd
R0bob1rd is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
ReplaceMe
ReplaceMe is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Restaurant
Restaurant is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Scanner
Scanner is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
TicTacToed
TicTacToed is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Under The Web
Under The Web is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
You Know 0xDiablos
You Know 0xDiablos is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Global Hyperlink Zone
The challenge provides a Qiskit-based server that accepts quantum gate instructions for five qubits. It measures the circuit 256 times and compares the resulting bitstreams. The server splits the measured results into five 256-bit shares and checks: It also...
Find out more
Noisy Vault
Noisy Vault is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Phase Madness
Phase Madness is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
QLotto
QLotto is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Untrusted Node
Untrusted Node is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
ARMs Race
ARMs Race is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Behind The Scenes
Behind The Scenes is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Bypass
Bypass is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Coffee Invocation
Coffee Invocation is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
CyberPsychosis
CyberPsychosis is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Debugme
Debugme is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Exation
Exation is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
FFModule
FFModule is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Gameloader
Gameloader is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Maze
Maze is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Partial Encryption
Partial Encryption is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
RAuth
RAuth is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Regas Town
Regas Town is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
SEPC
SEPC is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Simple Encryptor
Simple Encryptor is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Virtually Mad
Virtually Mad is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Wayback
Wayback is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Agriweb
Agriweb is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Phoenix Pipeline
Phoenix Pipeline is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
PowerGrid
PowerGrid is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Dark Runes
Dark Runes is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Desires
Desires is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
DoxPit
DoxPit is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Flag Command
Web-based text adventure game ("Dimensional Escape Quest") with a terminal interface. Three JS modules handle game logic client-side. Reading main.js reveals the command validation logic in CheckMessage(): The game accepts commands from the current step's...
Find out more
Interstellar
Interstellar is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Jerrytok
Jerrytok is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
NextPath
NextPath is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
OfflineA
OfflineA is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
ReactOOPS
ReactOOPS is a Web challenge built with Next.js 16.0.6 and React 19. The package name is react2shell, and the app uses the App Router / React Server Components stack. The intended bug is React2Shell, tracked upstream as <secret redacted>. The provided source...
Find out more
Screencrack
Screencrack is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Secure Notes
Secure Notes is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Spookifier
Flask web app that converts text into "spooky" fonts. Source code provided. The input flow is: 1. GET /?text=INPUT → routes.py 2. spookify(text) → change_font() converts to 4 font
Find out more
SSOS
SSOS is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
TornadoService
TornadoService is a sanitized challenge note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Archetype Walkthrough - HTB Starting Point
Archetype Walkthrough - HTB Starting Point is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Base
Directory listing leak -> .swp source code exposure -> PHP strcmp type juggling auth bypass -> File upload to webshell -> Credential reuse for SSH -> sudo find privesc 1. Directory listing + swap files = source code disclosure 2. PHP strcmp() with loose ==...
Find out more
Base
Public-source handoff exists in research.md. Live evidence has not been recorded yet in this support folder. 1. Enumerate services. 2. Enumerate web paths and confirm /login/ listing. 3. Recover login.php.swp and inspect PHP login
Find out more
Bike
Only 2 ports. The HTTP service is Node.js with Express -- the box name "Bike" hints at template injection. Found a simple page with an email subscription form: Response reveals Handlebars: Response: We will contact you at: [object Object] -- input is rendered...
Find out more
Checkpoint
State: target-state.json - Notes: notes.md The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets....
Find out more
Checkpoint
State: target-state.json - Notes: notes.md The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets....
Find out more
Cobblestone
Cobblestone is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Connected
The live respawn at <TARGET> still exposed FreePBX <TARGET> on connected.htb, so the previously validated endpoint branch remained the fastest initial access path. I revalidated the exact endpoint route family, reused the <secret redacted> chain to regain...
Find out more
Connected
<secret redacted> reached. The live chain was: 1. Enumerate the validated FreePBX <TARGET> admin surface at /admin/. 2. Prove that same-origin browser headers remove the generic AJAX referrer
Find out more
Connected
State: target-state.json - Notes: notes.md The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets....
Find out more
Crocodile
FTP Anonymous Access → Credential Lists → Web Admin Login → Flag 1. Anonymous FTP is a goldmine — Always check for anonymous access and download everything. 2. Positional pairing — When you find parallel user/password lists, pair them by line number. 3....
Find out more
DevArea - Full
DevArea is a Medium Linux HTB machine featuring a 4-phase attack chain: FTP reconnaissance, Apache CXF SSRF via MTOM (<secret redacted>), Hoverfly middleware RCE, and privilege escalation through a world-writable bash binary. Anonymous FTP login reveals a JAR...
Find out more
DevHub
Completion state: COMPLETE. DevHub exposed a static nginx site on port 80 and MCPJam Inspector v1.4.2 on port 6274. The MCPJam Inspector /api/mcp/connect endpoint accepted unauthenticated stdio MCP server configs, allowing command execution as mcp-dev. Local...
Find out more
Eloquia
Eloquia is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Facts
Facts is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Funnel
Result: christine still has the default password and SSH access. Reveals PostgreSQL listening on <TARGET>:5432 (not externally accessible). This forwards local port 15432 through the SSH connection to the target's localhost:5432. Databases found: christine,...
Find out more
Garfield Walkthrough - HTB Hard
Garfield Walkthrough - HTB Hard is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Helix
Completion state: COMPLETE. The machine was completed against live target IP <TARGET>. Full evidence and loot are in: - <local workspace><TARGET>-Helix/ Successful
Find out more
Helix
Completion state: COMPLETE. The live target matched the corrected operator-first route: flow.helix.htb NiFi anonymous ExecuteScript -> nifi -> NiFi support bundle operator SSH material -> operator -> OPC UA maintenance window -> sudo helix-maint-console ->...
Find out more
Hercules
The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets. Target: Hercules IP: <TARGET>...
Find out more
Hercules
Hercules is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
HTB Dancing - Full
Host is up, TTL=127 indicates Windows (default TTL 128, minus 1 hop) Quick scan (default scripts + version detection): Results: - 135/tcp - msrpc (Microsoft Windows
Find out more
HTB Fries — Complete Walkthrough (Hard/Windows)
The provided <email redacted> / D4LE11maan!! credentials worked on pgAdmin (form-encoded POST to /authenticate/login). pgAdmin 9.1.0 is vulnerable to Python eval() injection in the query tool download endpoint. Exploitation flow: 1. Login → get CSRF
Find out more
HTB Three
1. Discovered web app "The Toppers" on port 80 with domain thetoppers.htb 2. Identified S3-compatible service at s3.thetoppers.htb (LocalStack) 3. Listed S3 bucket thetoppers.htb — found it's the web root (contains index.php) 4. Uploaded PHP webshell via AWS...
Find out more
HTB: Synced
A standard nmap scan reveals a single open port: The machine name "Synced" is a direct hint toward rsync. With only one port open, the attack surface is clear. Output: One module named public is available with anonymous (no authentication)
Find out more
Ignition
Result: Only port 80 open, nginx 1.14.2, HTTP title shows redirect to http://ignition.htb/. The web server redirects all requests to ignition.htb. Added to /etc/hosts: Browsing to http://ignition.htb/ reveals a Magento 2 storefront. The standard Magento admin...
Find out more
Included
Completed. 1. Run initial recon from the fresh Pwnbox and identify exposed services. 2. Load the matching HTB methodology memory based on the discovered surface. 3. Research the machine name and service pattern as requested, treating outside information as...
Find out more
Markup
1. Port scan reveals SSH (22), HTTP (80), HTTPS (443) -- Apache 2.4.41 on Windows 2. Web login with default creds admin:password 3. Authenticated order form submits XML -- vulnerable to XXE 4. XXE reads Daniel's SSH private
Find out more
Markup
Ports 22 (SSH), 80 (HTTP), 443 (HTTPS) open. Apache 2.4.41 Win64, PHP 7.2.28, OpenSSH for Windows 8.1. The root page (/) serves a login form (POST to same page). Default credentials admin:password work — 302 redirect to home.php. The Order page...
Find out more
Markup
1. Port scan reveals SSH (22), HTTP (80), HTTPS (443) -- Apache 2.4.41 on Windows 2. Web login with default creds admin:password 3. Authenticated order form submits XML -- vulnerable to XXE 4. XXE reads Daniel's SSH private
Find out more
Mongod
Verified Pwnbox SSH, VPN (<TARGET>), and target reachability: Result: Port 22 (SSH) open. Port 27017 not detected (not in top 1000). Result: Ports 22 (SSH) and 27017 (mongod) open. The nmap mongodb-databases script automatically enumerated all databases...
Find out more
MonitorsFour
Status: in progress. Completion state: <secret redacted>. The target exposes HTTP on 80/tcp and WinRM on 5985/tcp. The HTTP app is a custom PHP application at monitorsfour.htb. Baseline enumeration found exposed .env configuration and a token-backed user API...
Find out more
Oopsie
Results: Ports 22 (SSH OpenSSH 7.6p1) and 80 (Apache 2.4.29) open. Full port scan confirmed no additional ports. The main page is a "Welcome" page for MegaCorp Automotive. Inspecting the page source and checking known paths revealed a login panel at...
Find out more
Pennyworth
Pennyworth is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
PingPong
State: target-state.json - Notes: notes.md The sections below are merged from companion Markdown notes for the same case. They are rendered after sanitization so the article stays precise without publishing raw flags, credentials, or target-specific secrets....
Find out more
Pirate
Phase A is complete per user-provided handoff. Raw Phase A command artifacts are not yet synced into this local folder, so notes currently distinguish the values as a handoff state. 1. Enumerate DC01 and confirm pirate.htb. 2. Validate starting credential...
Find out more
Pterodactyl -- HTB Medium Linux
Pterodactyl -- HTB Medium Linux is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Reactor
Completion state: <secret redacted> - User flag: not captured - Root flag: not captured 1. Establish Pwnbox SSH execution context and create
Find out more
Responder
Windows Easy box exploiting PHP file inclusion to trigger NTLM authentication to an attacker-controlled Responder instance, capturing the Administrator NTLMv2 hash, cracking it, and connecting via WinRM. Attack Chain: LFI/RFI (PHP page= param) -> Responder...
Find out more
Sequel
Sequel is an Easy Starting Point machine on HackTheBox running Linux (Debian 10). The only exposed service is MariaDB 10.3.27 on port 3306, accessible as root with no password. The flag is stored in a database table. Result: Single open port -- 3306/tcp...
Find out more
Silentium
1. Enumerate ports 22 and 80. 2. Add silentium.htb and staging.silentium.htb. 3. Confirm Flowise 3.0.5 on the staging vhost. 4. Use Flowise account reset/token leak and chatflow prediction RCE to enumerate the
Find out more
SmartHire
Status: COMPLETE. Raw flags and reusable secrets are stored only in <local workspace><TARGET>-SmartHire/loot/. 1. Recon found only SSH and HTTP. HTTP redirected to smarthire.htb; vhost fuzzing discovered models.smarthire.htb. 2. models.smarthire.htb exposed...
Find out more
Tactics
Target blocks ICMP, so -Pn is required. Result: Ports 135 (MSRPC), 139 (NetBIOS), 445 (SMB) open. Windows Server 2019. Null session denied. Tried Administrator with blank password: <redacted> [+] Tactics\Administrator: (Pwn3d!) -- Full admin access with blank...
Find out more
TwoMillion
TwoMillion exposed a web app on 2million.htb. The invite workflow allowed account creation, the authenticated API exposed admin and VPN routes, and the admin settings endpoint accepted a JSON request that promoted the current user. The admin VPN generation...
Find out more
TwoMillion
TwoMillion is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Unified
Completed. 1. Confirm UniFi version and Log4Shell injection point. 2. Use rogue JNDI for command execution. 3. Prefer blind exfiltration and local service access over reverse shell if egress stays
Find out more
Unified - HTB Starting Point
The target machine is not currently reachable. It needs to be spawned from the HTB Starting Point interface. All tooling is prepared and ready on Pwnbox. - Shell arrives as unifi user - Get user
Find out more
Vaccine - HTB Starting Point
FTP Anonymous -> backup.zip -> crack zip (741852963) -> web app creds (admin:qwerty789) -> SQLi on dashboard search -> RCE as postgres -> SSH key extraction -> sudo vi shell escape -> root 1. Credential chaining: Anonymous FTP -> ZIP password -> MD5 hash ->...
Find out more
VariaType
VariaType is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
VariaType
VariaType is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
VariaType Walkthrough — <TARGET>
The target is fully compromised from the refreshed Pwnbox at <TARGET>. Raw flags are stored only under loot/. 1. Confirmed 22/tcp SSH and 80/tcp HTTP. The HTTP service redirects to variatype.htb. 2. Added variatype.htb and portal.variatype.htb to Pwnbox hosts...
Find out more
VariaType Walkthrough — Current Respawned Instance
VariaType Walkthrough — Current Respawned Instance is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more
Walkthrough -- Explosion (<TARGET>)
Open ports: 135 (MSRPC), 139 (NetBIOS), 445 (SMB), 3389 (RDP) Additional ports: 5985 (WinRM), 47001 (WinRM alt), 49664-49671 (RPC high ports) - Guest access works but only reads IPC$ - No custom shares -- only ADMIN$, C$,
Find out more
Walkthrough — <TARGET> (Easy / Starting Point)
Linux box running nginx 1.14.2 with a PHP admin login page at /admin.php. Default credentials admin:admin yield the flag immediately. No shell access or privilege escalation required -- this is a single-flag Starting Point machine. Result: Port 80/tcp open...
Find out more
Walkthrough: Appointment (HTB Starting Point)
Target: <TARGET> | OS: Linux | Difficulty: Easy | Date: 2026-05-05 Result: Port 80 open (Apache 2.4.38, page title "Login"). Port 8254 filtered (irrelevant). Full port scan confirmed no additional services. Result: Simple login form with username and password...
Find out more
WingData
WingData is a sanitized machine note from the local HTB archive, organized for quick review by category, difficulty, evidence flow, and reusable operator
Find out more