Three Machine Checklist
1️⃣ Lab Setup & Scope
- HTB OpenVPN Connected
- Target machine spawned/running
- Target IP identified:
10.129.227.248 - PING check successful
- Legal HTB Lab session verified
2️⃣ Network Discovery
- Target IP confirmed:
10.129.227.248 - Local HTB IP identified
3️⃣ Port Scanning
- All 65535 ports scanned (Found Ports 22, 80)
- Service versions and default scripts detected
4️⃣ Service Enumeration
- Domain
thetoppers.htbidentified - Subdomain
s3.thetoppers.htbdiscovered via Gobuster - S3 bucket permissions checked (Open for public)
5️⃣ Vulnerability Identification
- Path identified (Public S3 write access + Web integration)
6️⃣ Initial Access (Foothold)
- Webshell uploaded to S3
- Gained RCE on the target server
7️⃣ Post-Exploitation Enumeration
- Sensitive data searched (Located
/var/www/flag.txt)
8️⃣ Privilege Escalation
- Not Required (Flag accessible as www-data)
9️⃣ Flags / Proof of Compromise
- Flag found & submitted:
a980d992... - Evidence captured (Screenshots organized)
🔟 Cleanup & Documentation
- Notes completed in Obsidian
- Screenshots organized in
evidence/
🏁 Machine Completion Status
- Pwned ✅
- Flags Submitted to HTB ✅
➡️ Machine SOLVED 🏆