<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Htb on Freedie | Penetration Testing Lab Writeups</title><link>http://freedie.org/tags/htb/</link><description>Recent content in Htb on Freedie | Penetration Testing Lab Writeups</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sat, 13 Jun 2026 00:27:08 -0400</lastBuildDate><atom:link href="http://freedie.org/tags/htb/index.xml" rel="self" type="application/rss+xml"/><item><title>Tabby</title><link>http://freedie.org/htb-writeups/tabby/</link><pubDate>Sat, 13 Jun 2026 00:27:08 -0400</pubDate><guid>http://freedie.org/htb-writeups/tabby/</guid><description>https://www.hackthebox.com/machines/Tabby
OS: Linux 10.129.16.54 Credentials: Username Password Notes/Hash tomcat $3cureP4s5w0rd123! Leaked password from LFI vulnerability ash admin@it Cracked password from the backup zip file nmap results: # Nmap 7.99 scan initiated Fri Jun 12 19:45:45 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Tabby 10.129.16.54 Nmap scan report for 10.129.16.54 Host is up, received reset ttl 63 (0.019s latency). Scanned at 2026-06-12 19:45:46 EDT for 20s Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>LinkVortex</title><link>http://freedie.org/htb-writeups/linkvortex/</link><pubDate>Fri, 12 Jun 2026 19:40:40 -0400</pubDate><guid>http://freedie.org/htb-writeups/linkvortex/</guid><description>https://www.hackthebox.com/machines/LinkVortex
OS: Linux 10.129.231.194 Credentials: Username Password Notes/Hash admin@linkvortex.htb OctopiFociPilfer45 leaked credential from git repository bob fibber-talented-worth from arbitrary file read nmap results: # Nmap 7.99 scan initiated Fri Jun 12 11:57:48 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/LinkVortex 10.129.231.194 Nmap scan report for 10.129.231.194 Host is up, received reset ttl 63 (0.018s latency). Scanned at 2026-06-12 11:57:49 EDT for 21s Not shown: 65466 closed tcp ports (reset), 67 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Editorial</title><link>http://freedie.org/htb-writeups/editorial/</link><pubDate>Fri, 12 Jun 2026 02:13:38 -0400</pubDate><guid>http://freedie.org/htb-writeups/editorial/</guid><description>https://www.hackthebox.com/machines/Editorial
OS: Linux 10.129.15.185 Credentials: Username Password Notes/Hash dev dev080217_devAPI!@ leaked password from vulnerable SSRF api prod 080217_Producti0n_2023!@ from git enumeration in dev home directory nmap results: # Nmap 7.99 scan initiated Thu Jun 11 22:59:02 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Editorial 10.129.15.185 Nmap scan report for 10.129.15.185 Host is up, received reset ttl 63 (0.016s latency). Scanned at 2026-06-11 22:59:02 EDT for 21s Not shown: 65289 closed tcp ports (reset), 244 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Sunday</title><link>http://freedie.org/htb-writeups/sunday/</link><pubDate>Thu, 11 Jun 2026 18:33:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/sunday/</guid><description>https://www.hackthebox.com/machines/Sunday
OS: 10.129.15.113 Credentials: Username Password Notes/Hash sunny sunday guessing password after obtain username from finger sammy cooldude! cracked password from /backup/shadow.bak nmap results: # Nmap 7.99 scan initiated Thu Jun 11 15:38:04 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Sunday 10.129.15.113 Nmap scan report for 10.129.15.113 Host is up, received reset ttl 63 (0.017s latency). Scanned at 2026-06-11 15:38:05 EDT for 190s Not shown: 62534 filtered tcp ports (no-response), 2996 closed tcp ports (reset) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 79/tcp open finger?</description></item><item><title>Editor</title><link>http://freedie.org/htb-writeups/editor/</link><pubDate>Thu, 11 Jun 2026 15:22:19 -0400</pubDate><guid>http://freedie.org/htb-writeups/editor/</guid><description>https://www.hackthebox.com/machines/Editor
OS: Linux 10.129.231.23 Credentials: Username Password Notes/Hash nmap results: # Nmap 7.99 scan initiated Thu Jun 11 12:42:51 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Editor 10.129.231.23 Nmap scan report for 10.129.231.23 Host is up, received echo-reply ttl 63 (0.022s latency). Scanned at 2026-06-11 12:42:52 EDT for 41s Not shown: 64828 closed tcp ports (reset), 704 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Busqueda</title><link>http://freedie.org/htb-writeups/busqueda/</link><pubDate>Thu, 11 Jun 2026 01:59:34 -0400</pubDate><guid>http://freedie.org/htb-writeups/busqueda/</guid><description>https://www.hackthebox.com/machines/Busqueda
OS: Linux 10.129.187.196 Credentials: Username Password cody jh1usoih2bkjaspwe92 svc jh1usoih2bkjaspwe92 administrator yuiu1hoiu4i5ho1uh nmap results: 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.1 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 4f:e3:a6:67:a2:27:f9:11:8d:c3:0e:d7:73:a0:2c:28 (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIzAFurw3qLK4OEzrjFarOhWslRrQ3K/MDVL2opfXQLI+zYXSwqofxsf8v2MEZuIGj6540YrzldnPf8CTFSW2rk= | 256 81:6e:78:76:6b:8a:ea:7d:1b:ab:d4:36:b7:f8:ec:c4 (ED25519) |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTtbUicaITwpKjAQWp8Dkq1glFodwroxhLwJo6hRBUK 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.52 (Ubuntu) |_http-title: Did not follow redirect to http://searcher.</description></item><item><title>Pandora</title><link>http://freedie.org/htb-writeups/pandora/</link><pubDate>Thu, 11 Jun 2026 01:44:52 -0400</pubDate><guid>http://freedie.org/htb-writeups/pandora/</guid><description>https://www.hackthebox.com/machines/Pandora
OS: Linux 10.129.14.224 Credentials: Username Password Notes/Hash daniel HotelBabylon23 found from SNMP nmap results: # Nmap 7.99 scan initiated Wed Jun 10 23:15:26 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Pandora 10.129.14.224 Nmap scan report for 10.129.14.224 Host is up, received reset ttl 63 (0.015s latency). Scanned at 2026-06-10 23:15:27 EDT for 21s Not shown: 64902 closed tcp ports (reset), 631 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>CozyHosting</title><link>http://freedie.org/htb-writeups/cozyhosting/</link><pubDate>Tue, 09 Jun 2026 14:39:40 -0400</pubDate><guid>http://freedie.org/htb-writeups/cozyhosting/</guid><description>https://www.hackthebox.com/machines/CozyHosting
OS: Linux 10.129.229.88 Credentials: Username Password Notes/Hash josh manchesterunited from cracking hahes from database nmap results: # Nmap 7.99 scan initiated Tue Jun 9 11:26:24 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/CozyHosting 10.129.229.88 Nmap scan report for 10.129.229.88 Host is up, received echo-reply ttl 63 (0.020s latency). Scanned at 2026-06-09 11:26:25 EDT for 20s Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Pilgrimage</title><link>http://freedie.org/htb-writeups/pilgrimage/</link><pubDate>Tue, 09 Jun 2026 00:58:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/pilgrimage/</guid><description>https://www.hackthebox.com/machines/Pilgrimage
OS: Debian 10.129.12.75 Credentials: Username Password Notes/Hash emily abigchonkyboi123 dumping from a database file with LFI nmap results: # Nmap 7.99 scan initiated Mon Jun 8 12:03:46 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Pilgrimage 10.129.12.75 Nmap scan report for 10.129.12.75 Host is up, received echo-reply ttl 63 (0.022s latency). Scanned at 2026-06-08 12:03:47 EDT for 21s Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Precious</title><link>http://freedie.org/htb-writeups/precious/</link><pubDate>Mon, 08 Jun 2026 02:11:29 -0400</pubDate><guid>http://freedie.org/htb-writeups/precious/</guid><description>https://www.hackthebox.com/machines/Precious
OS: 10.129.228.98 Credentials: Username Password Notes/Hash henry Q3c1AqGHtoI0aXAYFH found in a config file in ruby&amp;rsquo;s home directory nmap results: # Nmap 7.99 scan initiated Sun Jun 7 23:09:19 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Precious 10.129.228.98 Nmap scan report for 10.129.228.98 Host is up, received echo-reply ttl 63 (0.015s latency). Scanned at 2026-06-07 23:09:19 EDT for 18s Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Devvortex</title><link>http://freedie.org/htb-writeups/devvortex/</link><pubDate>Sun, 07 Jun 2026 22:31:29 -0400</pubDate><guid>http://freedie.org/htb-writeups/devvortex/</guid><description>https://www.hackthebox.com/machines/Devvortex
OS: Linux 10.129.229.146 Credentials: Username Password Notes/Hash lewis P4ntherg0t1n5r3c0n## dumped from joomla exploit nmap results: # Nmap 7.99 scan initiated Sun Jun 7 19:40:01 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Devvortex 10.129.229.146 Nmap scan report for 10.129.229.146 Host is up, received reset ttl 63 (0.016s latency). Scanned at 2026-06-07 19:40:02 EDT for 19s Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.</description></item><item><title>Nibbles</title><link>http://freedie.org/htb-writeups/nibbles/</link><pubDate>Fri, 05 Jun 2026 21:44:31 -0400</pubDate><guid>http://freedie.org/htb-writeups/nibbles/</guid><description>https://www.hackthebox.com/machines/Nibbles
OS: Ubuntu 10.129.10.51 Credentials: Username Password Notes/Hash admin nibbles password found with Google AI Overview nmap results: # Nmap 7.99 scan initiated Fri Jun 5 20:40:31 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Nibbles 10.129.10.51 Nmap scan report for 10.129.10.51 Host is up, received echo-reply ttl 63 (0.017s latency). Scanned at 2026-06-05 20:40:32 EDT for 20s Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 7.</description></item><item><title>Swagshop</title><link>http://freedie.org/htb-writeups/swagshop/</link><pubDate>Thu, 04 Jun 2026 18:37:59 -0400</pubDate><guid>http://freedie.org/htb-writeups/swagshop/</guid><description>https://www.hackthebox.com/machines/SwagShop
OS: Linux Ubuntu 10.129.229.138 Credentials: Username Password Notes/Hash forme forme after running exploit to create an account on /admin nmap results: # Nmap 7.99 scan initiated Thu Jun 4 15:11:32 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/SwagShop 10.129.229.138 Nmap scan report for 10.129.229.138 Host is up, received reset ttl 63 (0.017s latency). Scanned at 2026-06-04 15:11:33 EDT for 23s Not shown: 65359 closed tcp ports (reset), 174 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 7.</description></item><item><title>Bashed</title><link>http://freedie.org/htb-writeups/bashed/</link><pubDate>Wed, 03 Jun 2026 10:50:00 -0400</pubDate><guid>http://freedie.org/htb-writeups/bashed/</guid><description>https://www.hackthebox.com/machines/Bashed
OS: Ubuntu 10.129.186.17 Credentials: Username Password nmap results: 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.18 ((Ubuntu)) |_http-favicon: Unknown favicon MD5: 6AA5034A553DFA77C3B2C7B4C26CF870 |_http-title: Arrexel&amp;#39;s Development Site | http-methods: |_ Supported Methods: GET HEAD POST OPTIONS |_http-server-header: Apache/2.4.18 (Ubuntu) Device type: general purpose Running: Linux 3.X|4.X OS CPE: cpe:/o:linux:linux_kernel:3 cpe Attack + Enum Vectors: (Ports, etc.) TCP 80: HTTP Web Service Enum: Gobuster / wfuzz after enuming with gobuster: we found a /dev directory with web shell</description></item><item><title>Irked</title><link>http://freedie.org/htb-writeups/irked/</link><pubDate>Tue, 02 Jun 2026 22:49:13 -0400</pubDate><guid>http://freedie.org/htb-writeups/irked/</guid><description>https://www.hackthebox.com/machines/irked
OS: Linux 10.129.8.83 Credentials: Username Password Notes/Hash nmap results: # Nmap 7.99 scan initiated Tue Jun 2 14:06:31 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Irked 10.129.8.83 Nmap scan report for 10.129.8.72 Host is up, received echo-reply ttl 63 (0.018s latency). Scanned at 2026-06-02 14:06:32 EDT for 26s Not shown: 65528 closed tcp ports (reset) PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 6.</description></item><item><title>BoardLight</title><link>http://freedie.org/htb-writeups/boardlight/</link><pubDate>Mon, 01 Jun 2026 23:49:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/boardlight/</guid><description>https://www.hackthebox.com/machines/BoardLight
OS: Linux 10.129.186.128 Credentials: Username Password dolibarrowner serverfun2$2023!! nmap results: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 3072 06:2d:3b:85:10:59:ff:73:66:27:7f:0e:ae:03:ea:f4 (RSA) | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDH0dV4gtJNo8ixEEBDxhUId6Pc/8iNLX16+zpUCIgmxxl5TivDMLg2JvXorp4F2r8ci44CESUlnMHRSYNtlLttiIZHpTML7ktFHbNexvOAJqE1lIlQlGjWBU1hWq6Y6n 1tuUANOd5U+Yc0/h53gKu5nXTQTy1c9CLbQfaYvFjnzrR3NQ6Hw7ih5u3mEjJngP+Sq+dpzUcnFe1BekvBPrxdAJwN6w+MSpGFyQSAkUthrOE4JRnpa6jSsTjXODDjioNkp2NLkKa73Yc2DHk3evNUXfa+P8oWFBk8ZXSHFy eOoNkcqkPCrkevB71NdFtn3Fd/Ar07co0ygw90Vb2q34cu1Jo/1oPV1UFsvcwaKJuxBKozH+VA0F9hyriPKjsvTRCbkFjweLxCib5phagHu6K5KEYC+VmWbCUnWyvYZauJ1/t5xQqqi9UWssRjbE1mI0Krq2Zb97qnONhzcc lAPVpvEVdCCcl0rYZjQt6VI1PzHha56JepZCFCNvX3FVxYzEk= | 256 59:03:dc:52:87:3a:35:99:34:44:74:33:78:31:35:fb (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK7G5PgPkbp1awVqM5uOpMJ/xVrNirmwIT21bMG/+jihUY8rOXxSbidRfC9KgvSDC4flMsPZUrWziSuBDJAra5g= | 256 ab:13:38:e4:3e:e0:24:b4:69:38:a9:63:82:38:dd:f4 (ED25519) |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILHj/lr3X40pR3k9+uYJk4oSjdULCK0DlOxbiL66ZRWg 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu)) |_http-title: Site doesn&amp;#39;t have a title (text/html; charset=UTF-8).</description></item><item><title>Broker</title><link>http://freedie.org/htb-writeups/broker/</link><pubDate>Mon, 01 Jun 2026 23:49:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/broker/</guid><description>https://www.hackthebox.com/machines/Broker
OS: Linux 10.129.230.87 Credentials: Username Password nmap results: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ+m7rYl1vRtnm789pH3IRhxI4CNCANVj+N5kovboNzcw9vHsBwvPX3KYA3cxGbKiA0VqbKRpOHnpsMuHEXEVJc= | 256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519) |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtuEdoYxTohG80Bo6YCqSzUY9+qbnAFnhsk4yAZNqhM 80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu) | http-auth: | HTTP/1.1 401 Unauthorized\x0D |_ basic realm=ActiveMQRealm |_http-title: Error 401 Unauthorized |_http-server-header: nginx/1.18.0 (Ubuntu) 1883/tcp open mqtt syn-ack ttl 63 | mqtt-subscribe: | Topics and their most recent payloads: | ActiveMQ/Advisory/MasterBroker: |_ ActiveMQ/Advisory/Consumer/Topic/#: 5672/tcp open amqp?</description></item><item><title>Codify</title><link>http://freedie.org/htb-writeups/codify/</link><pubDate>Mon, 01 Jun 2026 23:49:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/codify/</guid><description>https://www.hackthebox.com/machines/Codify
OS: Linux 10.129.188.8 Credentials: Username Password joshua spongebob1 nmap results: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 96:07:1c:c6:77:3e:07:a0:cc:6f:24:19:74:4d:57:0b (ECDSA) | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN+/g3FqMmVlkT3XCSMH/JtvGJDW3+PBxqJ+pURQey6GMjs7abbrEOCcVugczanWj1WNU5jsaYzlkCEZHlsHLvk= | 256 0b:a4:c0:cf:e2:3b:95:ae:f6:f5:df:7d:0c:88:d6:ce (ED25519) |_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIm6HJTYy2teiiP6uZoSCHhsWHN+z3SVL/21fy6cZWZi 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 | http-methods: |_ Supported Methods: HEAD POST OPTIONS |_http-title: Did not follow redirect to http://codify.htb/ |_http-server-header: Apache/2.</description></item><item><title>Help</title><link>http://freedie.org/htb-writeups/help/</link><pubDate>Mon, 01 Jun 2026 23:49:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/help/</guid><description>https://www.hackthebox.com/machines/Help
OS: Ubuntu 10.129.230.159 Credentials: Username Password Notes/Hash Shiv from http://help.htb:3000 nmap results: # Nmap 7.99 scan initiated Mon Jun 1 16:10:36 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/Help 10.129.230.159 Nmap scan report for 10.129.230.159 Host is up, received echo-reply ttl 63 (0.018s latency). Scanned at 2026-06-01 16:10:37 EDT for 28s Not shown: 64490 closed tcp ports (reset), 1042 filtered tcp ports (no-response) Some closed ports may be reported as filtered due to --defeat-rst-ratelimit PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 7.</description></item><item><title>OpenAdmin</title><link>http://freedie.org/htb-writeups/openadmin/</link><pubDate>Mon, 01 Jun 2026 23:49:11 -0400</pubDate><guid>http://freedie.org/htb-writeups/openadmin/</guid><description>https://www.hackthebox.com/machines/OpenAdmin
OS: Linux 10.129.14.206 Credentials: Username Password Notes/Hash ona_sys n1nj4W4rri0R! database password jimmy n1nj4W4rri0R! got a hint from 0xdf writeup to spray password jimmy Revealed the internal service password on unusual port joanna bloodninjas cracked from ssh2john hash on rsa key revealed from unusual port nmap results: # Nmap 7.99 scan initiated Wed Jun 10 18:15:45 2026 as: /usr/lib/nmap/nmap -p- --open -sC -sV -A -vv -oA nmap/OpenAdmin 10.129.14.206 Nmap scan report for 10.</description></item></channel></rss>