# HTB

- [HTB Linux Boxes](/oscp-preparation/htb/htb-linux-boxes.md)
- [Lame Writeup](/oscp-preparation/htb/htb-linux-boxes/lame-writeup.md): Lame was the first box released on HTB (as far as I can tell). It’s a super easy box, easily knocked over with a Samba version exploit to a root shell.
- [Bashed Writeup](/oscp-preparation/htb/htb-linux-boxes/bashed-writeup.md): Bashed is a retired HackTheBox machine, rated easy and rightfully. We’ll start by finding a hidden web shell to quickly gaining root level access due to misconfigured permissions to users.
- [Shocker Writeup](/oscp-preparation/htb/htb-linux-boxes/shocker-writeup.md): Shocker, while fairly simple overall, demonstrates the severity of the renowned Shellshock exploit, which affected millions of public-facing servers.
- [Nibbles Writeup](/oscp-preparation/htb/htb-linux-boxes/nibbles-writeup.md): Nibbles is one of the easier boxes on HTB. It hosts a vulnerable instance of nibbleblog. There’s a Metasploit exploit for it, but it’s also easy to do without MSF.
- [Beep Writeup](/oscp-preparation/htb/htb-linux-boxes/beep-writeup.md): Beep is a linux based htb machine having a very large list of running services. The machine can be a little overwhelming for some as there are many potential attack vectors.
- [Node Writeup](/oscp-preparation/htb/htb-linux-boxes/node-writeup.md): Node is about enumerating a Express NodeJS application to find an API endpoint that shares too much data including user password hashes ...
- [Sense Writeup](/oscp-preparation/htb/htb-linux-boxes/sense-writeup.md): Sense is an easy box from HackTheBox. Using directory fuzzing to find a text with user credentials can be used to log in to the pfSense admin panel. From there the outdated version of pfsense leads...
- [Mirai Writeup](/oscp-preparation/htb/htb-linux-boxes/mirai-writeup.md): Mirai identifies vulnerable IoT devices using a table of more than 60 common factory default usernames and passwords and logs into them to infect them with the Mirai malware
- [HTB Windows Boxes](/oscp-preparation/htb/htb-windows-boxes.md)
- [Legacy Writeup](/oscp-preparation/htb/htb-windows-boxes/legacy-writeup.md): The top of the list was legacy, a box that seems like it was one of the first released on HTB. It’s a very easy Windows box, vulnerable to two SMB bugs that are easily exploited.
- [Jerry Writeup](/oscp-preparation/htb/htb-windows-boxes/jerry-writeup.md): Jerry is quite possibly the easiest box I’ve done on HackTheBox. There’s a Tomcat install with a default password for the Web Application Manager. I used that to upload a malicious war file ...
- [Blue Writeup](/oscp-preparation/htb/htb-windows-boxes/blue-writeup.md): Probably the easiest machine in HTB, the name itself hints what kind of vulnerability this machine possesses.
- [Devel Writeup](/oscp-preparation/htb/htb-windows-boxes/devel-writeup.md): Another one of the first boxes on HTB, and another simple beginner Windows target.
- [Grandpa Writeup](/oscp-preparation/htb/htb-windows-boxes/grandpa-writeup.md): Grandpa was one of the really early HTB machines. It’s the kind of box that wouldn’t show up in HTB today, and frankly, isn’t as fun as modern targets.
- [Granny Writeup](/oscp-preparation/htb/htb-windows-boxes/granny-writeup.md): As I’m continuing to work through older boxes, and using the same methodology as Grandpa Box, I came to Granny, another easy Windows host involving webshells.