zeroToOne

https://zerotoone.initialt.pl/zeroToOneA personal blog about learning new things in tech, programming, and hacking. 2026-02-11T16:04:19+01:00 Initial T https://zerotoone.initialt.pl/ Jekyll © 2026 Initial T /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png HackTheBox | Signed2026-02-11T15:09:01+01:00 2026-02-11T15:09:01+01:00 https://zerotoone.initialt.pl/posts/HTB-Signed/ Initial T

Signed is a retired Windows machine on HackTheBox, after some initial scanning: └─$ nmap signed.htb -T5 -Pn Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-28 12:21 EST Nmap scan report for signed.htb (10.10.11.90) Host is up (0.033s latency). Not shown: 999 filtered tcp ports (no-response) PORT STATE SERVICE 1433/tcp open ms-sql-s we have only mssql port open, and provided us...

HackTheBox | Imagery2026-02-11T15:09:01+01:00 2026-02-11T15:09:01+01:00 https://zerotoone.initialt.pl/posts/HTB-Imagery/ Initial T

Imagery is finally retired machine so I can post my write-up. Nmap shows two open ports PORT STATE SERVICE 22/tcp open ssh 8000/tcp open http-alt At the port 8000 we can see web application called Imagery, which is Python Flask gallery allowing user to upload his images. Scanning for directories and files didn’t give anything useful. My first thought was to try upload some shell in...

Yippee Ki-yay Merry Christmas2025-12-21T13:00:01+01:00 2025-12-21T14:47:28+01:00 https://zerotoone.initialt.pl/posts/Yippee-Ki-yay-Merry-Christmas/ Initial T

Yippee Ki-yay Christmas Tree Decoration Die Hard is my wife’s and my favorite Christmas movie, so this year, inspired by the Ajaxjones project we decided to make our own version. The result was a Christmas tree decoration in the form of John McClane in the Nakatomi ventilation shaft from the first part of the film. The decoration is interactive, the lighter is actually a diode, and there is a ...

HackTheBox | CodePartTwo2025-11-15T16:26:01+01:00 2025-11-29T16:05:56+01:00 https://zerotoone.initialt.pl/posts/HTB-CodePartTwo/ Initial T

That was the easiest machine on HTB so far, so this is going to be a quick post. Let’s start with some scanning: └─$ nmap -p- 10.10.11.82 -T5 -Pn Starting Nmap 7.95 ( https://nmap.org ) at 2025-11-11 18:41 EST Nmap scan report for 10.10.11.82 Host is up (0.026s latency). Not shown: 65532 closed tcp ports (reset) PORT STATE SERVICE 22/tcp open ssh 8000/tcp open http-alt...

HackTheBox | Soulmate2025-11-11T20:36:00+01:00 2025-11-11T20:36:00+01:00 https://zerotoone.initialt.pl/posts/HTB-Soulmate/ Initial T

Soulmate is the Hackbox machine with two flags to catch. Starting with a regular account in the portal, I tried to register as admin and get in return, maybe it will be useful later. Registering under a different name gives us access to a panel where we have several fields to fill out in a form that appears to be invulnerable to any simple techniques. Username already exists Register pa...