Starting Point

Fawn Fawn is one of HackTheBox’s introductory “Starting Point” machines, designed to teach the basics of FTP enumeration and the dangers of misconfigured anonymous access. It’s a single-step box — but the lesson it demonstrates shows up in real-world penetration tests far more often than you’d expect. Reconnaissance I kicked things off with a standard Nmap service scan against the target. The -sC flag runs Nmap’s default scripts (which includes FTP anonymous login detection), and -sV pulls version banners. I’m saving all output formats with -oA for later reference. ...

Meow — HackTheBox Writeup Meow is a beginner-friendly Linux box that demonstrates one of the most critical (and unfortunately still common) misconfigurations in the wild: a root account with no password exposed over Telnet. There’s no exploitation or privilege escalation required here — just knowing where to look and what to try. Overview The attack path is about as short as it gets. A single open port running Telnet, a root account with a blank password, and we’re done. While it may seem almost trivially simple, this box hammers home an important point: the most devastating vulnerabilities are often misconfigurations, not complex exploits. ...

Redeemer Redeemer is a beginner-friendly HackTheBox machine that demonstrates one of the most common real-world misconfigurations you’ll encounter: an exposed Redis instance with no authentication. There’s no exploitation involved here — just enumeration, awareness that interesting services live outside the default nmap port range, and knowing a handful of Redis commands. Overview The box runs a single exposed service — Redis 5.0.7 on port 6379 — configured with no password. The flag is stored directly as a key in the database. The entire challenge boils down to: find the service, connect to it, dump the keys. ...