Web

Vaccine — HackTheBox Writeup Vaccine is a Very Easy Linux box that chains together several classic web exploitation techniques: anonymous FTP access, zip cracking, hardcoded credentials, SQL injection, and a sudo misconfiguration that hands over root in seconds. Each step feeds directly into the next, making it an excellent box for learning how a real attack chain flows from initial recon to full compromise. Overview Field Value IP OS Linux (Ubuntu 20.04) Difficulty Very Easy Reconnaissance Port Scan I always start with a service/version scan using Nmap’s default scripts (-sC) alongside version detection (-sV). Treating the target as if ICMP is blocked from the start (-Pn) saves frustration on boxes that don’t respond to ping. ...

Archetype — HackTheBox Writeup Archetype is a Windows box that demonstrates a classic lateral movement chain: anonymous SMB access exposes a configuration file with database credentials, which leads to command execution via MSSQL, and sloppy PowerShell history hands us domain admin on a silver platter. It’s an excellent box for understanding how real-world Windows environments get compromised through misconfiguration rather than flashy exploits. Overview Field Value OS Windows Server 2019 Standard 17763 IP Difficulty Starting Point Date 2026-01-30 Reconnaissance Port Scanning I start every box the same way — a default script and version scan with nmap. The goal here isn’t to be fancy, it’s to quickly understand what services are exposed and build a mental model of the attack surface. ...

Dancing — Anonymous SMB Access on a Windows Target Dancing is a beginner-friendly Windows box that demonstrates one of the most common misconfigurations found in real-world environments: an SMB share left open to anonymous access. The entire engagement comes down to solid enumeration and knowing which shares are worth poking at. Reconnaissance Port Scanning I started with a standard service scan to get a picture of what’s running on the target. The -sC flag runs default scripts and -sV attempts version detection — together they give a solid baseline without being too noisy. ...