farSec/HTB-WriteUps

# Hack The Box Writeups A collection of structured writeups for retired Hack The Box machines. The objective of this repository is not only to document exploitation techniques, but to demonstrate a professional security assessment mindset through methodology, attack path analysis, root cause identification, remediation recommendations, and lessons learned. ## Machines | Machine | Difficulty | Category | Key Skills | Writeup | | --------- | ---------- | ------------------------ | ---------------------------------------------------------------- | -------------------- | | Lame | Easy | Network / SMB | Enumeration, SMB, RCE | [View](./lame/) | | Bashed | Easy | Web | Web Enumeration, RCE, Privilege Escalation | [View](./bashed/) | | Sense | Easy | Web / Firewall | Credential Leak, Web Exploitation | [View](./sense/) | | Netmon | Easy | Windows | Service Enumeration, Credential Discovery | [View](./netmon/) | | Principal | Medium | Web Application Security | JWT Security, API Security, Information Disclosure, SSH CA Abuse | [View](./principal/) | ## Assessment Methodology Each machine is approached using a structured assessment workflow: Information Gathering │ ▼ Attack Surface Mapping │ ▼ Vulnerability Discovery │ ▼ Exploitation │ ▼ Privilege Escalation │ ▼ Root Cause Analysis │ ▼ Remediation & Lessons Learned ## Writeup Structure Each writeup follows a consistent reporting format: 1. Executive Summary 2. Scope 3. Enumeration 4. Vulnerability Identification 5. Exploitation 6. Privilege Escalation 7. Root Cause Analysis 8. Remediation Recommendations 9. Lessons Learned ## Skills Demonstrated ### Web Application Security * OWASP Top 10 * Authentication Testing * Authorization Testing * API Security * JWT Security * Information Disclosure * Business Logic Assessment ### Infrastructure Security * Linux Enumeration * Windows Enumeration * Privilege Escalation * Credential Abuse * Service Misconfiguration Analysis ### Reporting & Documentation * Executive Summaries * Attack Path Documentation * Root Cause Analysis * Risk Communication * Remediation Guidance ## What This Demonstrates * Methodical enumeration * Structured attack path analysis * Understanding of root causes * Clear explanation of security impact * Reproducible technical documentation * Translation of lab findings into real-world security lessons * Professional reporting practices ## Disclaimer These writeups are intended for educational purposes only and document retired Hack The Box machines. No real-world systems were targeted during the creation of this content.