HTB: PermX Writeup

#htb #writeup #linux

Machine Banner

Machine Information

AttributeDetails
NamePermX
OSLinux
DifficultyEasy
PointsN/A
Release DateN/A
IP AddressN/A
AuthorD3vnomi

Machine Rating

⭐⭐☆☆☆ (4.0/10)

Difficulty Assessment:

  • Enumeration: ⭐⭐☆☆☆
  • Real-world: ⭐⭐☆☆☆
  • CVE: ⭐☆☆☆☆
  • CTF-like: ⭐⭐☆☆☆

Summary

PermX is an Easy-difficulty Linux machine. Note: The source notes for this machine were not available at the time of writing — the notes file contained detailed information for a different machine (SolarLab) instead. This writeup serves as a template skeleton documenting the machine’s metadata and structure.

[Notes incomplete - exploitation path not documented in source notes]

Reconnaissance

Port Scanning

[Notes incomplete - port enumeration data not documented in source notes]

Terminal window
nmap -sC -sV -T4 -p- <TARGET_IP>

Service Enumeration

[Notes incomplete - service details not documented in source notes]

Vulnerability Assessment

[Notes incomplete - vulnerability analysis not documented in source notes]

Initial Foothold

Exploitation Path

[Notes incomplete - exploitation steps not documented in source notes]

User Compromise

Credential Discovery

[Notes incomplete - credential enumeration not documented in source notes]

User Flag

[Notes incomplete - user flag not documented in source notes]

Terminal window
cat ~/user.txt

🚩 User Flag: <REDACTED>

Privilege Escalation

Enumeration

[Notes incomplete - privilege escalation enumeration not documented in source notes]

Terminal window
sudo -l
find / -perm -4000 -type f 2>/dev/null
ps aux | grep -E "python|java|node|php|ruby"

Exploitation (Root/Administrator)

[Notes incomplete - privilege escalation technique not documented in source notes]

Root Flag

[Notes incomplete - root flag not documented in source notes]

Terminal window
cat /root/root.txt

🚩 Root Flag: <REDACTED>

Attack Chain Summary

[Notes incomplete - attack chain not documented in source notes]

graph TD
    A[Reconnaissance] --> B[Initial Foothold]
    B --> C[User Compromise]
    C --> D[Privilege Escalation]
    D --> E[Root Access]

Tools Used

ToolPurpose
nmapPort scanning and service fingerprinting
gobusterDirectory and subdomain enumeration
ffufWeb fuzzing and subdomain enumeration
burpHTTP request interception and modification
hydraOnline brute-force attacks
metasploitExploitation framework
ncReverse shell listener
python3Scripting and exploit execution
searchsploitExploit database search

Key Learnings

  • Thorough enumeration is critical — every open port and service can be a potential entry point.
  • Credential extraction from various sources enables lateral movement and privilege escalation.
  • Privilege escalation frequently depends on misconfigurations rather than software vulnerabilities.

Author

D3vnomi

Disclaimer

This writeup is for educational purposes only. All activities described were performed in a controlled, legal environment (HackTheBox platform). Unauthorized access to computer systems is illegal.

Last Updated: 08 Mar 2026

Status: Skeleton template (source notes corrupted/missing)

Tags: #HackTheBox #Linux #Easy