Template: HTB writeup skeleton
The structure I use for every Hack The Box writeup — copy this, don't reinvent it.
This is a template, not a real writeup. Replace every section. Delete this quote. Keep the structure.
TL;DR
One paragraph. What was the machine, what was the root cause, and what did exploitation look like end-to-end? Anyone should be able to read just this section and know whether the rest is relevant to them.
Recon
Nmap
nmap -sS -T4 --min-rate 1000 -p- -oN nmap/full.txt 10.10.10.X
Note what’s interesting. Screenshots or paste output.
Service enumeration
- Port X (service) — what I found.
- Port Y (service) — what I found.
Foothold
Walk through the exploit path to the first shell. Show the payload, the response, the shell prompt. Include the why — why did this work?
User
Post-exploitation from foothold to the user flag. Credential reuse? File-system hunting? Misconfiguration?
user.txt
└── <flag>
Privilege escalation
How root was obtained. Every privesc has a lesson — state it explicitly.
root.txt
└── <flag>
Takeaways
- One concrete thing I learned.
- One thing I’d do faster next time.
- One defensive note: how would a blue team catch this?
Tools used
nmap,ffuf,linpeas,pspy, … list them so future-me can re-find them.