I’ve completed some write-ups of my solutions for some of the challenges on the HackTheBox pen-testing platform (these will remain password protected with the full flag until the solutions are made public). These won’t be the most sophisticated, elegant or quickest I’m sure, but they follow my learning path and may be of use to others at the same level to compare tactics.

Blunder – Learning points: importance of patching, password reuse vulnerability, privilege auditing, strong passwords and the potential for automated OSINT to recover a password.

HTB Academy – LFI/DT Skill Assessment – Learning Points: Local & Remote File Inclusion, PHP Wrappers, Directory Traversal

HTB Academy – Attacking Web Applications with Ffuf – Skill Assessment – Learning Points: Fuzzing – Directory, Page, Recursion, SubDomain, vHost, Parameter, Value