Hack the Box Starting Point: Three

- 5 mins read

Series: Starting Point

Hello everyone and welcome back to the HTB Starting Point series I’ve been working on for way too long now. Took a little break for the Thanksgiving weekend, I hope everyone enjoyed themselves. Now however it is time to get back to work and so today we will be working on the next machine here in Tier 1. While we were away it looks like the main HTB platform has undergone some UI changes and so we don’t really get a sneak peek as to what we’ll be doing anymore, which honestly is totally fine, let’s spin up our respective attack machines and get to work!

Hack the Box Walkthrough: Cap

- 7 mins read

Series: Intro to Red Team

HTB Intro to Red Team: Cap Hello again and welcome to the start of a new series I’m working on in preparation for taking the HTB Certified Penetration Testing Specialist (CPTS) exam. Hack the Box recently (ish) introduced Tracks to their main platform which are bundles of different boxes that cover similar topics or were from the same event. Now they do have a CPTS prep track, but as I am truthfully not very good at all this yet we are starting with the Intro to Red Team track.

HTB Academy: Windows CMD and Powershell

- 6 mins read

I did say that I needed to work on my Windows sys admin skills and also my PowerShell-fu and so here I am. As per the usual when it comes to my Academy content, I will just be covering the skill assessment part of the module. It was a good module though, covered a lot of content as you get some hands on with both CMD and PowerShell and both are important.

Hack the Box Starting Point: Crocodile

- 6 mins read

Series: Starting Point

Time for our next Tier 1 box, Crocodile looks like it will be covering a few of the different tools we’ve been getting familiar with rather than introducing any new ones. Scrolling through the questions I see some FTP, gobuster, nmap, php, you know, fun stuff. Anyhow if you’re not familiar with any of this I implore you to go back and look through some of my other posts, otherwise fire up your attack environments and let’s go huntin for gators.

Hack the Box Starting Point: Responder

- 7 mins read

Series: Starting Point

Responder Hello and welcome back to the little Starting Point series I’ve been doing on the HacktheBox main platform. Today we’re going to be looking at the Responder box which definitely looks interesting. Just peeking at the questions ahead of us we’re going to be dealing with some stuff that I haven’t touched too much. Yeah we have some web stuff, but it looks like it may be hosted on a Windows server?

HTB Starting Point: Appointment

- 4 mins read

Series: Starting Point

Hello and welcome to Starting Point Tier 1! We are officially out of tier zero and are now actually working towards a little bit of actual exploitation! Today’s box, Appointment, is going to be covering some of the fundamentals of SQL injection. SQL stands for structured query language and we briefly touched on it during the Mongod box. SQL in its normal use is a query language (obviously) that allows us to interact with databases.

HTB Starting Point: Mongod

- 5 mins read

Series: Starting Point

Getting Familiar with MongoDB Moving onto our next Starting Point machine we have this bad boy. A quick look at the tasks associated with this guy shows that we’re going to need to be brushing up on our MongoDB knowledge. Truthfully, I don’t have a ton of experience with this so this will be good for all of us. After connecting to HTB’s environment through either their pwnbox or OpenVPN let’s go ahead and spawn our target and then get started with this first task.

HTB Starting Point: Synced

- 4 mins read

Series: Starting Point

Rsync is a Pretty Important Tool Hey there and welcome to the final box under HTB’s Starting Point Tier 01 Yayyyy (this took me way too long). Anyhow, today’s box is going to be going over the usage of a tool called rsync which is another file transfer tool, but a very powerful one. Frequently used by sys admins and whatnot to perform system backups and things of that nature.

Hack the Box: Nibbles Walkthrough

- 8 mins read

Port Scanning For this box, we know it’s a Linux box and it has a web server of some kind. Let’s perform some enumeration and start off with an nmap scan. Run the command nmap -sV --open -oA nibbles_initial_scan <target_ip>; this will perform a full version scan on the target, only returning output for open ports, and will output everything to the initial scan file. The .nmap file is the same as stdout and the other two are formatted for potential other operations

HTB Academy: Windows Fundamentals

- 5 mins read

Now in the past, I’ve gone on the record saying that I don’t like covering Academy content and that’s still true. I will do it however if one of two conditions are met, I think it’s hard and there’s not a lot of resources on the topic. Or if I personally suck at it and this one is definitely the latter as my Windows sysadmin skills are not great. With that being said, feel free to join me as I quickly work on the Skills Assessment portion of the HTB Academy Windows Fundamentals module.