[kapott@blog ~]$ cat ~/intro.txt
Just an entrepreneurial software dev/hacker
navigating life through his obsession with
puzzles, tech and futurism. Neurodivergent.
Loving life.

Useful commandline tools
Optimizing my workflow to reduce unnecessary typing has been a game-changer, enhancing both my productivity and my connection to the tools I rely on. I tend to use whatever machine I work on like itâs an extension of my body - and thus I like to remove any cognitive friction when using it, allowing my feeling of flow to continue, uninterrupted. Below Iâll first introduce you to a few simple tools. Then Iâll share some tips and aliases that can make your life a lot easier. ...

Dancing
Box number 3 in the HTB intro, dancing is about a SMB share which requires no password to connect to, containing a ârootâ flag. After a short âman smbclientâ to look up some of smbclientâs REPL commands, I quickly acquired the flag. Remediation Donât allow critical data on unauthenticated shares. Set up authentication and authorization for shares in which users are going to put data.

Explosion
Being box number 5 in the hack the box âstarting pointâ introduction, itâs an easy machine. Initial recon shows that this is also, very obviously, a windows machine: Letâs try to connect to it with xfreerdp /v:$target. Password certainly expired. Interesting. Letâs try to open op a gui connection. The HTB pwnbox comes loaded with a program called Remmina, which is a great choice for things like RDP, VNC and other sort of connections which might require a gui. ...

Fawn
Second box in the intro series. Another cakewalk, although one question about the box was a bit more finnicky. This box is about a FTP server. Running nmap, as well as connecting to it through the ftp command give me the login prompt and version 3.0.3 for vsFTPd. One of the required answers for the machine is âFrom your scans, what version is FTP running on the target?â. Which is 3.0.3 - yet the answer is not accepted. You need to include the daemon name as well, in front of the version - a minor gripe. ...

Meow
Meow is the first box in the hack the box intro series. If I were to just break these boxes and report on them it would be a bit boring. So Iâll throw in some advice Iâd give for preventing the specific attack vector as well. After answering the questions the people at HTB set up for meow, it was clear to me - before I fired up nmap - that telnet was open. This box was, as the difficulty stated, indeed very easy. ...

Mongod
Mongod - referring to MongoDB, a noSQL database for storing unstructured data. Iâve maintained and scaled a couple of these clusters for so-called âbig dataâ processing in the past. It used to have insecure-by-default config settings which would allow connections from 0.0.0.0 on port 27017. Unauthenticated. Unauthorized. The documentation back then told you to set up access controls and bind the database to a specific interface, as the default was âaccept connections from anywhereâ - but who reads the documentation when you can just docker run? ...

Pre-ignition
Another âvery easyâ box in the âstarting pointâ trail by Hack the Box - number 6. Letâs start with our initial recon. The questions for the box point towards a ânext stepâ of directory bruteforcing with gobuster. Letâs follow the lead. What does running the command tell us about using the command? ...

Redeemer
Box number 4 in the hack the box âstarting pointâ trail. As this is another very easy box, letâs run basic recon against it.. Alright, a redis server. Worked with tons of these in the past, but usually from a codebase perspective - and as a caching mechanism for hot data. I still remember redis-cli but have no recollection of any of the flags the cli takes. ...

Sync
Sync. The process of synchronizing. I wonder what this box will present to me. Letâs find out. Recon Ah, rsync. The sysadminâs preferred alternative to scp for large files and backups. It supports a myriad of options - incremental transfer being one of them. Great for spotty connections, backup jobs and large file transfers. ...

Hack The Box: Starting point
Thereâs something strangely grounding about admitting you donât know everything â especially when youâve spent decades building, breaking, and rebuilding systems. I donât walk into rooms thinking Iâm the senior. But I leave most engagements quietly realizing I was. Not because I sought that title, but because the baseline knowledge I carry â TCP/IP, filesystem permissions, packet inspection, the old rituals â seems to be disappearing. Replaced by abstractions. Paved over by platforms. ...