# HTB | Starting Point | Tier 0

### <font color="#9FEF00"> :key: THE KEY IS A STRONG FOUNDATION 📑 </font>

## Index

- [Learning Outcomes](#Learning-Outcomes)
- [How to connect to the HTB Starting Point VPN?](#How-to-connect-to-the-HTB-Starting-Point-VPN?)
- [Meow | Linux](#Meow-|-Linux)
- [Fawn | Linux](#Fawn-|-Linux)
- [Dancing | Windows](#Dancing-|-Windows)
- [Redeemer | Linux](#Redeemer-|-Linux)
- [Explosion | Windows](#Explosion-|-Windows)
- [Preignition | Linux](#Preignition-|-Linux)
- [Mongod | Linux](#Mongod-|-Linux)
- [Synced | Linux](#Synced-|-Linux)
- [END](#END)

## <font color="#9FEF00">Learning Outcomes</font>

In the first tier, you will gain essential skills in the world of cybersecurity pen-testing. You'll start by learning how to connect to various services, such as FTP, SMB, Telnet, Rsync, and RDP anonymously. Next, you'll discover the power of Nmap, a valuable tool for identifying open ports on target systems, allowing you to assess their vulnerabilities. Lastly, you'll explore connecting to a MongoDB server, adding a valuable layer to your penetration testing knowledge. This tier will lay a strong foundation for your journey into the realm of cybersecurity.

:heavy_check_mark: Learn how to connect to FTP, SMB, Telnet, Rsync and RDP anonymously.

:heavy_check_mark: Learn how to use Nmap to identify open ports.

:heavy_check_mark: Learn how to connect to a MongoDB server.

## <font color="#9FEF00">How to connect to the HTB Starting Point VPN?</font>

To attack the target machine, you must be on the same network. Connect to the Starting Point VPN using one of the following options.

![image](https://hackmd.io/_uploads/ryWoRLJSyl.png)

>**Note:** It may take a minute for HTB to recognize your connection. If you don't see an update after 2-3 minutes, refresh the page.


This tutorial uses the `Connect using OpenVPN` option. Click `Connect to HTB` at the top right of the page:

![image](https://hackmd.io/_uploads/B1gwqU1B1l.png)

Then, select the `Starting Point` tab:

![image](https://hackmd.io/_uploads/ByXq5U1BJe.png)

Select the `OpenVPN` tab:

![image](https://hackmd.io/_uploads/SyijVDJBkg.png)

Configure `VPN Access` and `VPN Server`:

![image](https://hackmd.io/_uploads/HkSUHvJHJl.png)

Download your VPN file, which will look something like this:

![image](https://hackmd.io/_uploads/H1i9NieHkx.png)

Then, start your VPN connection by running the following command:

```bash
sudo openvpn starting_point_username.ovpn
```

![image](https://hackmd.io/_uploads/r1l8BsxS1g.png)

>**Note:** If openvpn is not installed on your system, you can install it with the following command:

```bash
sudo apt install openvpn easy-rsa
```

Once connected, verify the VPN connection is active:

![image](https://hackmd.io/_uploads/ryfXojgr1g.png)

To stop the VPN connection, you can use `Ctrl+C`. However, it's not necessary to stop the VPN connection if you want to work on another machine; the same VPN connection can be used.

<br>

## <font color="#9FEF00">Meow | Linux</font>

![image](https://hackmd.io/_uploads/HJIQ_LkSyg.png)

### Target Machine IP Address

Click on `Spawn Machine` to start the target machine:

![image](https://hackmd.io/_uploads/HybOr3eS1g.png)

After the machine is initialized, its IP address will be displayed:

![image](https://hackmd.io/_uploads/rk368hgHyl.png)

### Task 1

**What does the acronym VM stand for?**

```
Virtual Machine
```

For more information, click [here.](https://www.vmware.com/topics/virtual-machine)

>**Note:** Once you provide the correct answer, the following message will appear:

![image](https://hackmd.io/_uploads/r1yiinxSJg.png)

### Task 2

**What tool do we use to interact with the operating system in order to issue commands via the command line, such as the one to start our VPN connection? It's also known as a console or shell.**

```
Terminal
```

For more information, click [here.](https://ubuntu.com/tutorials/command-line-for-beginners#1-overview)

### Task 3

**What service do we use to form our VPN connection into HTB labs?**

```
OpenVPN
```

To establish a VPN connection to the HTB labs, [OpenVPN](https://openvpn.net/as-docs/linux.html) is used, as was done earlier.

### Task 4

**What tool do we use to test our connection to the target with an ICMP echo request?**

```
Ping
```

This command sends ICMP Echo Request packets to the specified target and waits for a reply. If the target is reachable, you'll receive a response, indicating that the connection is successful.

```bash
ping $IP
```

![image](https://hackmd.io/_uploads/HJtaoTeSyl.png)

For more information, click [here.](https://www.hostinger.es/tutoriales/comando-ping-linux#Sintaxis_y_opciones_del_comando_ping)

### Task 5

**What is the name of the most common tool for finding open ports on a target?**

```
Nmap
```

The most common tool for finding open ports on a target is Nmap. It is widely used for network discovery and security auditing, allowing you to scan a target system for open ports and services.

```bash
nmap $IP
```

![image](https://hackmd.io/_uploads/S1Vp10eSJl.png)

The nmap scan shows that the target IP (10.129.55.164) is up with port 23 open, running the Telnet service. All other 999 TCP ports are closed. The scan completed in 13.84 seconds.

>**Note:** By default, Nmap scans the 1000 most common ports based on their usage in popular services.


For more information, click [here.](https://nmap.org/book/man.html#man-description)

### Task 6

**What service do we identify on port 23/tcp during our scans?**

```
Telnet
```

As seen in the last [image](https://hackmd.io/_uploads/S1Vp10eSJl.png), the service open on port 23/tcp is Telnet:

![image](https://hackmd.io/_uploads/r1lGERlSkx.png)

### Task 7

**What username is able to log into the target over telnet with a blank password?**

```
root
```

Search for information on [Telnet penetration testing](https://hackviser.com/tactics/pentesting/services/telnet), noting aspects such as `Passwordless Authentication` and `Common Credentials`. In this case, "admin" doesn't work, but "root" has no password:

![image](https://hackmd.io/_uploads/r1skY0eryx.png)

### Submit Flag

**Submit root flag**

```
b40abdfe23665f766f9c61ecba8a4c19
```

In HTB, flags are commonly stored in files named `flag.txt` or `root.txt`:

![image](https://hackmd.io/_uploads/H1wBsCxBkx.png)

### Machine Pwned

🥳🎉Congratulations, you've pwned your first system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/HJkHhAlBkl.png)

<br>

## <font color="#9FEF00">Fawn | Linux</font>

![image](https://hackmd.io/_uploads/S1z51Jzr1x.png)

### Target Machine IP Address

To display the IP address of the new machine, you need to follow the same steps as with the previous one. The result should look as follows:

![image](https://hackmd.io/_uploads/S1BDGJfrJg.png)

### Task 1

**What does the 3-letter acronym FTP stand for?**

```
File Transfer Protocol
```

For more information, click [here.](https://www.hostinger.com/tutorials/what-is-ftp)

### Task 2

**Which port does the FTP service listen on usually?**

```
21
```

The FTP service usually listens on port 21 for control commands, not to be confused with port 20, which is used for data transfer.


For more information, click [here.](https://www.techtarget.com/searchnetworking/tip/Understanding-the-FTP-PORT-command#:~:text=Port%2021%20is%20for%20the,these%20two%20channels%20are%20used.&text=You%20may%20already%20know%20that,FTP%20data%20channel%20by%20default.)

### Task 3

**FTP sends data in the clear, without any encryption. What acronym is used for a later protocol designed to provide similar functionality to FTP but securely, as an extension of the SSH protocol?**

```
SFTP
```

[Secure Transfer Protocol](https://www.hostinger.es/tutoriales/como-usar-sftp) is a much safer way to move files. The SSH protocol supports encryption and other security methods used to better protect file transfers.

### Task 4

**What is the command we can use to send an ICMP echo request to test our connection to the target?**

```
Ping
```

Use the same ping command as before, which sends ICMP Echo Request packets to the specified target and waits for a reply. If the target is reachable, you'll receive a response, confirming the connection is successful.

```bash
ping $IP
```

![image](https://hackmd.io/_uploads/Sye8Hkfrye.png)

### Task 5

**From your scans, what version is FTP running on the target?**

```
vsftpd 3.0.3
```

Now that you're familiar with the nmap tool, let's use the following command to identify the FTP version:

```bash
nmap -sV -p 21 $IP
```

![image](https://hackmd.io/_uploads/B1yWPkfHyg.png)

This command uses the `-sV` option to enable service version detection, which identifies the software version running on open ports. The `-p 21` option specifies that the scan should focus exclusively on port 21, where the FTP service is commonly hosted. Finally, the target IP address (`10.129.1.14`) is provided to direct the scan to the intended system.

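
From the defender's side, the same `-sV` results can feed an exposure check on hosts you administer. The following is an added example, not part of the original walkthrough: it parses Nmap's grepable output (`-oG`) and goes beyond FTP to flag each cleartext or unauthenticated-by-default service this page covers. The sample scan text is constructed, and `EXPOSURE_NOTES`, `parse_grepable` and `audit_exposure` are names chosen for this example.

```python
import re

# Services this walkthrough meets, with the defender-side concern for each.
# Keys are Nmap service names; the notes are this example's own wording.
EXPOSURE_NOTES = {
    "telnet": "cleartext remote login; replace with SSH",
    "ftp": "cleartext transfer; prefer SFTP and disable anonymous login",
    "microsoft-ds": "SMB reachable; require authentication on every share",
    "redis": "no password by default; bind to localhost and set requirepass",
    "ms-wbt-server": "RDP reachable; forbid blank passwords, restrict sources",
    "mongodb": "access control is off by default; enable authorization",
    "rsync": "modules are anonymous unless 'auth users' is set",
}

# Grepable port entries are slash-separated in this fixed order.
PORT_FIELDS = ("port", "state", "protocol", "owner", "service", "rpc", "version")


def parse_grepable(text):
    """Yield one dict per port entry found in `nmap -oG` output."""
    for line in text.splitlines():
        if line.startswith("#"):
            continue  # header and footer comments
        host = re.match(r"Host:\s+(\S+)", line)
        if not host:
            continue
        for section in line.split("\t"):
            if not section.startswith("Ports:"):
                continue  # e.g. "Status: Up" or "Ignored State: ..."
            body = section[len("Ports:"):]
            # Split only where a new port number starts, so a comma inside
            # a version string does not break an entry apart.
            for entry in re.split(r",\s*(?=\d+/)", body):
                fields = entry.strip().split("/")
                if len(fields) < len(PORT_FIELDS):
                    continue
                record = dict(zip(PORT_FIELDS, fields))
                record["host"] = host.group(1)
                record["port"] = int(record["port"])
                yield record


def audit_exposure(text):
    """Return (host, port, service, version, note) for risky open ports."""
    findings = []
    for rec in parse_grepable(text):
        if rec["state"] != "open":
            continue
        # Nmap appends '?' to a service name it is unsure about.
        service = rec["service"].rstrip("?").lower()
        note = EXPOSURE_NOTES.get(service)
        if note:
            findings.append(
                (rec["host"], rec["port"], service, rec["version"], note)
            )
    return findings


# Constructed sample in grepable format, using the addresses and the
# vsftpd version shown on this page.
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.129.1.14 ()\tStatus: Up\n"
    "Host: 10.129.1.14 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, "
    "22/closed/tcp//ssh///\tIgnored State: filtered (998)\n"
    "Host: 10.129.55.164 ()\tPorts: 23/open/tcp//telnet///\n"
)

if __name__ == "__main__":
    for host, port, service, version, note in audit_exposure(SAMPLE_OG):
        print(f"{host}:{port} {service} [{version or 'unknown'}] -> {note}")
```

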

### Task 6

**From your scans, what OS type is running on the target?**

```
Unix
```

With the same command as above, we can also determine the operating system running on the target:

![image](https://hackmd.io/_uploads/Syuhi1MrJe.png)

### Task 7

**What is the command we need to run in order to display the 'ftp' client help menu?**

```
ftp -?
```

This will show the available options and commands for the FTP client:

![image](https://hackmd.io/_uploads/Bkov3JGSJx.png)

### Task 8

**What is username that is used over FTP when you want to log in without having an account?**

```
anonymous
```

When logging in over FTP without an account, the default username typically used is `anonymous`.

For more information, click [here.](https://book.hacktricks.xyz/network-services-pentesting/pentesting-ftp#anonymous-login)

### Task 9

**What is the response code we get for the FTP message 'Login successful'?**

```
230
```

Once connected with the credentials `anonymous:anonymous`, we observe that the code associated with the response `Login successful` is `230`:

![image](https://hackmd.io/_uploads/S1lLR1GH1e.png)

### Task 10

**There are a couple of commands we can use to list the files and directories available on the FTP server. One is dir. What is the other that is a common way to list files on a Linux system.**

```
ls
```

In an FTP client, like in a Linux terminal, the `ls` command is used to list the files and directories in the current directory on the remote server. It displays the contents of the directory you are currently in:

![image](https://hackmd.io/_uploads/Bkt0yeMHJe.png)

You can see a file called `flag.txt`.


For more information, click [here.](https://www.linode.com/docs/guides/ls-command-in-linux/)

### Task 11

**What is the command used to download the file we found on the FTP server?**

```
get
```

Use the following command to download the file `flag.txt`:

```bash
get flag.txt
```

![image](https://hackmd.io/_uploads/SykUWgMHyx.png)

### Submit Flag

**Submit root flag**

```
035db21c881520061c53e0536e44f815
```

Now that you have downloaded the file to your machine, use the `cat` command to view its contents:

![image](https://hackmd.io/_uploads/H1g2GezSke.png)

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/Hy1I4eMBJe.png)

<br>

## <font color="#9FEF00">Dancing | Windows</font>

![image](https://hackmd.io/_uploads/BknppWMSJg.png)

### Target Machine IP Address

To display the IP address of the machine, click on "Active Machine." The result should look as follows:

![image](https://hackmd.io/_uploads/Hyzu0-MSyg.png)

### Task 1

**What does the 3-letter acronym SMB stand for?**

```
Server Message Block
```

For more information, click [here.](https://www.ibm.com/docs/en/aix/7.3?topic=management-smb-protocol)

### Task 2

**What port does SMB use to operate at?**

```
445
```

To check whether the machine has that port open, run the following nmap command:

```
nmap -sV $IP
```

![image](https://hackmd.io/_uploads/Bk4PZGMBJe.png)

For more information, click [here.](https://www.upguard.com/blog/smb-port#:~:text=Download%20Now-,What%20are%20Ports%20139%20and%20445%3F,-SMB%20is%20a)

### Task 3

**What is the service name for port 445 that came up in our Nmap scan?**

```
Microsoft-ds
```

`Microsoft-ds` is a service used by Microsoft to provide file and printer sharing over a network. It typically runs on port 445 and is commonly associated with SMB (Server Message Block) for network communication.


### Task 4

**What is the 'flag' or 'switch' that we can use with the smbclient utility to 'list' the available shares on Dancing?**

```
-L
```

Use the following command to view options related to listing shared directories or files in the `smbclient` help menu.

```bash
smbclient --help | grep list
```

![image](https://hackmd.io/_uploads/HJRUfzfrke.png)

### Task 5

**How many shares are there on Dancing?**

```
4
```

![image](https://hackmd.io/_uploads/HJpa4GGrkl.png)

### Task 6

**What is the name of the share we are able to access in the end with a blank password?**

```
WorkShares
```

The share that can be accessed with a blank password is `WorkShares` because it is the only one listed that does not require authentication, as shown in the output. The other shares (`ADMIN$`, `C$`, and `IPC$`) typically require authentication, and the error "Unable to connect with SMB1" indicates that access to these shares failed due to an authentication issue or the absence of an available SMB1 connection. Therefore, `WorkShares` is the share that can be accessed without a password in this case.


### Task 7

**What is the command we can use within the SMB shell to download the files we find?**

```
get
```

Connect to the share with the following command:

```
smbclient //SERVER_IP/SHARE_NAME
```

![image](https://hackmd.io/_uploads/S1tlKzzrke.png)

And use `get` to download the files:

![image](https://hackmd.io/_uploads/ryoxcMMSyx.png)

### Submit Flag

**Submit root flag**

```
035db21c881520061c53e0536e44f815
```

Now that you have downloaded the file to your machine, use the `cat` command to view its contents:

![image](https://hackmd.io/_uploads/rJP7jGMSye.png)

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/HJ5FiMfHJx.png)

<br>

## <font color="#9FEF00">Redeemer | Linux</font>

![image](https://hackmd.io/_uploads/Hye2fQzBJx.png)

### Target Machine IP Address

To display the IP address of the machine, click on "Active Machine." The result should look as follows:

![image](https://hackmd.io/_uploads/HJsrSRzSyg.png)

### Task 1

**Which TCP port is open on the machine?**

```
6379
```

Use this advanced `nmap` command to discover open ports:

```
sudo nmap -p- --open --min-rate 500 -Pn -n $IP
```

- `-p-`: Scans all 65,535 possible TCP ports, instead of just the most common ones.
- `--open`: Displays only the ports that are open, filtering out closed or filtered ones.
- `--min-rate 500`: Ensures the scan sends at least 500 packets per second, speeding up the process.
- `-Pn`: Skips the host discovery (ping sweep) and treats the host as online, useful when ICMP is blocked.
- `-n`: Disables DNS resolution to save time.

![image](https://hackmd.io/_uploads/HkToBCGBkx.png)

### Task 2

**Which service is running on the port that is open on the machine?**

```
Redis
```

As shown in the previous image, the service running on port 6379 is Redis.

For more information, click [here.](https://www.ibm.com/topics/redis)

### Task 3

**What type of database is Redis? Choose from the following options: (i) In-memory Database, (ii) Traditional Database**

```
In-memory Database
```

As you can see in the previous link, `Redis` is an `in-memory database` that is primarily used as a key-value store. It supports various data structures such as strings, hashes, lists, sets, and sorted sets, making it highly versatile for caching, real-time analytics, and messaging. Its in-memory nature allows for extremely fast read and write operations, and it can persist data to disk for durability.

### Task 4

**Which command-line utility is used to interact with the Redis server? Enter the program name you would enter into the terminal without any arguments.**

```
redis-cli
```

[redis-cli](https://redis.io/docs/latest/develop/tools/cli/) is the Redis command line interface.

### Task 5

**Which flag is used with the Redis command-line utility to specify the hostname?**

```
-h
```

For more information, click [here.](https://redis.io/docs/latest/develop/tools/cli/#:~:text=To%20specify%20a%20different%20host%20name%20or%20an%20IP%20address%2C%20use%20the%20%2Dh%20option.)

### Task 6

**Once connected to a Redis server, which command is used to obtain the information and statistics about the Redis server?**

```
INFO
```

The Redis `INFO` command displays detailed information and statistics about the Redis server, including sections like Server, Clients, Memory, Persistence, Stats, Replication, CPU, Keyspace, etc.:

![image](https://hackmd.io/_uploads/H1B-30Gr1e.png)

### Task 7

**What is the version of the Redis server being used on the target machine?**

```
5.0.7
```

Refer to the information displayed by the command.

![image](https://hackmd.io/_uploads/rkBInAzHJx.png)

### Task 8

**Which command is used to select the desired database in Redis?**

```
SELECT
```

The Redis `SELECT` command selects the database with the specified zero-based numeric index. New connections always use DB 0.


![image](https://hackmd.io/_uploads/ByJ-W1Xr1g.png)

### Task 9

**How many keys are present inside the database with index 0?**

```
DBSIZE
```

This command will return the total number of keys in the currently selected database (which is 0 by default):

![image](https://hackmd.io/_uploads/BJaEZyQryx.png)

### Task 10

**Which command is used to obtain all the keys in a database?**

```
KEYS *
```

This will return a list of all keys present in the currently selected database. However, be cautious when using this command in production environments, as it can be slow if there are a large number of keys.

![image](https://hackmd.io/_uploads/Bymj-17Hkl.png)

### Submit Flag

**Submit root flag**

```
03e1d2b376c37ab3f5319922053953eb
```

To retrieve the value of a key, such as "flag", you can run:

```
GET flag
```

This will return the value associated with the key "flag", if it exists.

![image](https://hackmd.io/_uploads/rJ7KMJmBJl.png)

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/S175QJQByx.png)

<br>

## <font color="#9FEF00">Explosion | Windows</font>

![image](https://hackmd.io/_uploads/SyazE1XBJx.png)

### Target Machine IP Address

To display the IP address of the machine, click on "Active Machine." The result should look as follows:

![image](https://hackmd.io/_uploads/ryGySyXrJg.png)

### Task 1

**What does the 3-letter acronym RDP stand for?**

```
Remote Desktop Protocol
```

The Remote Desktop Protocol (`RDP`) is a protocol, or technical standard, for using a desktop computer remotely.

For more information, click [here.](https://www.cloudflare.com/learning/access-management/what-is-the-remote-desktop-protocol/)

### Task 2

**What is a 3-letter acronym that refers to interaction with the host through a command line interface?**

```
cli
```

A command line interface (`CLI`) is a software mechanism you use to interact with your operating system using your keyboard.


For more information, click [here.](https://aws.amazon.com/what-is/cli/?nc1=h_ls)

### Task 3

**What about graphical user interface interactions?**

```
gui
```

A graphical user interface `(GUI)` is a digital interface in which a user interacts with graphical components such as icons, buttons, and menus.

For more information, click [here.](https://blog.hubspot.com/website/what-is-gui)

### Task 4

**What is the name of an old remote access tool that came without encryption by default and listens on TCP port 23?**

```
telnet
```

Remember the first machine [Meow.](#Meow-|-Linux)

### Task 5

**What is the name of the service running on port 3389 TCP?**

```
ms-wbt-server
```

Use `nmap` to discover it:

![image](https://hackmd.io/_uploads/HJ3S-b7rkg.png)

The `ms-wbt-server` is a Microsoft Windows-based service that provides remote desktop functionality using the Remote Desktop Protocol (RDP). It is commonly associated with the RDP service on Windows systems, which allows users to connect to a remote computer and access its desktop environment over a network. The service typically listens on TCP port 3389 by default.

### Task 6

**What is the switch used to specify the target host's IP address when using xfreerdp?**

```
/v:
```

`xfreerdp` is a command-line tool for accessing remote desktops via the Remote Desktop Protocol (RDP), primarily used on Linux to connect to Windows systems. Use the following command:

```
xfreerdp /u:$user /v:$IP
```

![image](https://hackmd.io/_uploads/HkmmLZQBJe.png)

It establishes a connection, but a password is required.


### Task 7

**What username successfully returns a desktop projection to us with a blank password?**

```
Administrator
```

When testing a system for weak security, common usernames with blank passwords to try include:

- `Administrator` (Windows)
- `root` (Unix/Linux)
- `admin`
- `guest`
- `user`
- `test`
- `support`
- `service`
- `sysadmin`

These are often default or weakly secured accounts that might allow access if their password is blank. You know it's a Windows system, so start with `Administrator`:

![image](https://hackmd.io/_uploads/SJ7bqbmryl.png)

By using a blank password, you gain access to the system:

![image](https://hackmd.io/_uploads/S1iDcWmByl.png)

### Submit Flag

**Submit root flag**

```
951fa96d7830c451b536be5a6be008a0
```

Open the `flag file` from the desktop:

![image](https://hackmd.io/_uploads/S1CSiWXByx.png)

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/rkz6oZQS1g.png)

<br>

## <font color="#9FEF00">Preignition | Linux</font>

![image](https://hackmd.io/_uploads/BkNt7Z3Lkx.png)

### Target Machine IP Address

To display the IP address of the machine, click on "Active Machine." The result should look as follows:

![image](https://hackmd.io/_uploads/r1jBrZhIye.png)

### Task 1

**Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.**

```
dir busting
```

Dir busting is a technique used in web penetration testing to discover hidden directories and files on a web server. Tools like `dirb`, `gobuster`, or `feroxbuster` send HTTP requests to common or wordlist-based paths to uncover resources that might not be publicly listed.


For more information, click [here.](https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/08-Fingerprint_Web_Application_Framework#:~:text=Banshee%20Bottom%20Page-,Specific%20Files%20and%20Folders,-There%20is%20another)

### Task 2

**What switch do we use for nmap's scan to specify that we want to perform version detection**

```
-sV
```

The `-sV` switch enables version detection. Nmap sends specific probes to open ports and analyzes responses to identify services and their versions.

### Task 3

**What does Nmap report is the service identified as running on port 80/tcp?**

```
http
```

Use Nmap to discover which service is running on port 80:

![image](https://hackmd.io/_uploads/BkeoqZ3UJx.png)

For more information about `http`, click [here.](https://developer.mozilla.org/en-US/docs/Web/HTTP)

### Task 4

**What server name and version of service is running on port 80/tcp?**

```
nginx 1.14.2
```

For more information about `nginx`, click [here.](https://nginx.org/en/)

### Task 5

**What switch do we use to specify to Gobuster we want to perform dir busting specifically?**

```
dir
```

Use `gobuster -h` to discover it:

![image](https://hackmd.io/_uploads/rJ44yzn8ye.png)

### Task 6

**When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?**

```
-x php
```

Use `gobuster dir -h` to discover it:

![image](https://hackmd.io/_uploads/r1UcyGn8ye.png)

### Task 7

**What page is found during our dir busting activities?**

```
admin.php
```

With the information gathered so far, you know enough to enumerate PHP files. To do so, use the following command:

```
gobuster dir -u IP -w /path/to/wordlist -x php
```

![image](https://hackmd.io/_uploads/Hkaekf2U1g.png)

The command detects the file `admin.php`!

### Task 8

**What is the HTTP status code reported by Gobuster for the discovered page?**

```
200
```

As you can see in the previous image, the HTTP status code is 200.

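
Dir busting is noisy on the server side: one client requests many paths that do not exist, then gets a `200` on the few that do. The following is an added example, not part of the original walkthrough, that detects this pattern in an nginx access log in the default "combined" format and reports which paths the scanning client actually found. The log lines, client addresses, user-agent string, the threshold of 5 distinct misses and the 10-second window are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" access-log format:
# ip - user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the fields the detector needs, or None for unparsable lines."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "path": m["path"],
        "status": int(m["status"]),
    }


def detect_dir_busting(lines, threshold=5, window=timedelta(seconds=10)):
    """Flag clients that request >= threshold distinct missing paths
    within the sliding window. Lines are assumed to be in time order."""
    recent_misses = defaultdict(deque)   # ip -> (ts, path) of recent 404s
    peak = {}                            # ip -> most distinct misses seen
    answered = defaultdict(set)          # ip -> paths that did not 404
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        ip = ev["ip"]
        if ev["status"] != 404:
            answered[ip].add(ev["path"])
            continue
        queue = recent_misses[ip]
        queue.append((ev["ts"], ev["path"]))
        # Drop misses that have fallen out of the window.
        while queue and ev["ts"] - queue[0][0] > window:
            queue.popleft()
        distinct = len({path for _, path in queue})
        if distinct >= threshold:
            peak[ip] = max(peak.get(ip, 0), distinct)
    return {
        ip: {"distinct_misses": n, "answered": sorted(answered[ip])}
        for ip, n in peak.items()
    }


def make_line(ip, second, path, status, agent):
    """Build one constructed log line in combined format."""
    return (
        f'{ip} - - [12/Dec/2024:10:15:{second:02d} +0000] '
        f'"GET {path} HTTP/1.1" {status} 153 "-" "{agent}"'
    )


# Constructed sample: one client walks a wordlist and finds /admin.php,
# another is an ordinary browser with a single missing favicon.
WORDS = ["index1", "login", "config", "backup", "test", "upload"]
SAMPLE_LOG = (
    [make_line("10.10.14.7", i, f"/{w}.php", 404, "gobuster/3.6")
     for i, w in enumerate(WORDS)]
    + [
        make_line("10.10.14.7", 7, "/admin.php", 200, "gobuster/3.6"),
        make_line("10.10.14.9", 8, "/favicon.ico", 404, "Mozilla/5.0"),
        make_line("10.10.14.9", 9, "/", 200, "Mozilla/5.0"),
    ]
)

if __name__ == "__main__":
    for ip, info in detect_dir_busting(SAMPLE_LOG).items():
        print(ip, info)
```

The detector keys on behaviour rather than on the user-agent header, since a client can set that header to any value.

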

### Submit Flag

**Submit root flag**

```
6483bee07c1c1d57f14e5b0717503c73
```

Upon accessing the `admin.php` file, you find a login panel:

![image](https://hackmd.io/_uploads/ByHRMMhUkg.png)

You can try commonly used username and password combinations.

![image](https://hackmd.io/_uploads/S1nA7znUkg.png)

```
admin:admin
```

It works!

![image](https://hackmd.io/_uploads/rJaeEzn8yl.png)

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/SkpuVGhIkl.png)

<br>

## <font color="#9FEF00">Mongod | Linux</font>

![image](https://hackmd.io/_uploads/rydpdG3Lkx.png)

### Target Machine IP Address

To display the IP address of the machine, click on "Active Machine." The result should look as follows:

![image](https://hackmd.io/_uploads/r1qF9MnIkl.png)

### Task 1

**How many TCP ports are open on the machine?**

```
2
```

Use nmap with `-p-` to check all ports:

![image](https://hackmd.io/_uploads/S1252M2U1x.png)

### Task 2

**Which service is running on port 27017 of the remote host?**

```
MongoDB 3.6.8
```

As you can see in the previous image, the service running on port 27017 is MongoDB 3.6.8.

### Task 3

**What type of database is MongoDB? (Choose: SQL or NoSQL)**

```
NoSQL
```

NoSQL, which stands for Not only SQL, is a database management system approach used to ingest, store, and retrieve unstructured data and semi-structured data within a database. This means that data that cannot be analyzed or counted through traditional relational databases (e.g., SQL) can remain in its native format and be ingested into a NoSQL database. The reason it is called NoSQL is to emphasize that these databases can handle non-tabular, non-relational data models as well as support SQL-like query languages.


For more information, click [here.](https://www.mongodb.com/resources/basics/databases/types)

### Task 4

**What is the command name for the Mongo shell that is installed with the mongodb-clients package?**

```
mongosh
```

The MongoDB Shell, `mongosh`, is a JavaScript and Node.js REPL environment for interacting with MongoDB deployments in Atlas, locally, or on another remote host. Use the MongoDB Shell to test queries and interact with the data in your MongoDB database.

For more information, click [here.](https://www.mongodb.com/docs/mongodb-shell/)

To install it:

![image](https://hackmd.io/_uploads/ByBXR7nUke.png)

> **Disclaimer:** In this tutorial, the `mongo` shell is used instead of `mongosh` because the `mongo` tool was already installed on my system. Both tools serve the same basic purpose of interacting with MongoDB, but `mongosh` is a more modern version with additional features.

![image](https://hackmd.io/_uploads/rkSzS4381l.png)

### Task 5

**What is the command used for listing all the databases present on the MongoDB server? (No need to include a trailing ;)**

```
show dbs
```

To list the databases available to the user, use the helper `show dbs`:

![image](https://hackmd.io/_uploads/H1_3NN3Ikx.png)

### Task 6

**What is the command used for listing out the collections in a database? (No need to include a trailing ;)**

```
show collections
```

Use `show collections;` to list collections:

![image](https://hackmd.io/_uploads/By0ZL4hLJe.png)

It works! Now try with the 'sensitive_information' database:

![image](https://hackmd.io/_uploads/BybVvEhL1x.png)

### Task 7

**What is the command used for dumping the content of all the documents within the collection named flag in a format that is easy to read?**

```
db.flag.find().pretty()
```

The command `db.flag.find().pretty()` is used in MongoDB to query and display all documents from the collection named `flag` in a more readable, formatted manner.


Here's a breakdown of what each part does:

- `db`: Refers to the current database you're working in.
- `flag`: Refers to the collection within the current database.
- `find()`: Executes a query to retrieve all documents from the specified collection (`flag` in this case). If no specific filter is provided inside the parentheses, it returns all documents.
- `pretty()`: Formats the output to make it more human-readable. Without it, the data might appear in a compact format that is hard to read.

![image](https://hackmd.io/_uploads/SJXeuE2LJg.png)

### Submit Flag

**Submit root flag**

```
1b6e6fb359e7c40241b6d431427ba6ea
```

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/HJDLOEnUJg.png)

<br>

## <font color="#9FEF00">Synced | Linux</font>

![image](https://hackmd.io/_uploads/rydpdG3Lkx.png)

### Target Machine IP Address

To display the IP address of the machine, click on "Active Machine." The result should look as follows:

![image](https://hackmd.io/_uploads/HkUB4HhUJe.png)

### Task 1

**What is the default port for rsync?**

```
873
```

Port 873 is used when rsync operates in daemon mode for transferring files over a network. If you use rsync over SSH, the default port is 22, as it leverages the SSH protocol for secure communication.

For more information, click [here.](https://hackviser.com/tactics/pentesting/services/rsync)

### Task 2

**How many TCP ports are open on the remote host?**

```
1
```

Use nmap to discover it:

![image](https://hackmd.io/_uploads/SywJDHnI1g.png)

### Task 3

**What is the protocol version used by rsync on the remote machine?**

```
31
```

You can view the version being used with the `-sV` modifier in Nmap.

### Task 4

**What is the most common command name on Linux to interact with rsync?**

```
rsync
```

The most common command name on Linux to interact with **rsync** is simply `rsync`. This command is used for synchronizing files and directories between systems or within the same system.


For more information, click [here.](https://linuxize.com/post/how-to-use-rsync-for-local-and-remote-data-transfer-and-synchronization/)

### Task 5

**What credentials do you have to pass to rsync in order to use anonymous authentication? anonymous:anonymous, anonymous, None, rsync:rsync**

```
None
```

The correct credentials to use for anonymous authentication with rsync are `None`. When rsync is configured for anonymous authentication, no credentials are typically required. However, if a username is needed, it often defaults to `anonymous` with `no password` or a generic one like `anonymous:anonymous`, depending on the server configuration.

### Task 6

**What is the option to only list shares and files on rsync? (No need to include the leading -- characters)**

```
list-only
```

The option to only list shares and files on rsync is `--list-only`:

![image](https://hackmd.io/_uploads/SyNP9H28kx.png)

### Submit Flag

**Submit root flag**

```
72eaf5344ebb84908ae543a719830519
```

If you want to download the `flag.txt` file, you can use the following command:

```
rsync rsync://10.129.228.37/public/flag.txt .
```

![image](https://hackmd.io/_uploads/ByFR5r28kg.png)

You have obtained the flag!

### Machine Pwned

🥳🎉Congratulations, you've pwned the system! 🧑‍💻👾

![image](https://hackmd.io/_uploads/H1RqoSnIyg.png)

<br>

## <font color="#9FEF00">END</font>

Congratulations on completing Tier 0 of the Starting Point on Hack The Box!

### Great job! 🎉

![image](https://hackmd.io/_uploads/B1NmjShU1g.png)

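
Looking back at Synced from the administrator's side: the `public` module could be listed and read with no credentials because of how the rsync daemon was configured. The following is an added example, not part of the original walkthrough, that audits an `rsyncd.conf` for the settings that allow this. The configuration text, paths and the `backups` module are constructed, and `parse_rsyncd_conf` and `audit_rsyncd` are names chosen for this example.

```python
TRUE_WORDS = {"yes", "true", "1"}


def norm(name):
    """Compare parameter names without whitespace or case."""
    return "".join(name.split()).lower()


def parse_rsyncd_conf(text):
    """Return (global_params, {module_name: params}) from rsyncd.conf text."""
    global_params, modules = {}, {}
    current = global_params          # parameters before the first [module]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" in line:
            key, value = line.split("=", 1)   # only the first '=' counts
            current[norm(key)] = value.strip()
    return global_params, modules


def audit_rsyncd(text):
    """Return {module: [findings]}; an empty list means nothing was flagged."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        # Module parameters set in the global part act as defaults.
        effective = {**global_params, **params}
        findings = []
        anonymous = not effective.get("authusers")
        if anonymous:
            findings.append("anonymous access: no 'auth users' set")
        if effective.get("list", "yes").lower() in TRUE_WORDS:
            findings.append("module is listable: 'list' is yes (the default)")
        if not effective.get("hostsallow"):
            findings.append("reachable from any address: no 'hosts allow'")
        read_only = effective.get("readonly", "yes").lower() in TRUE_WORDS
        if anonymous and not read_only:
            findings.append("anonymous write: 'read only' is off")
        report[name] = findings
    return report


# Constructed sample: a weak module shaped like the one on Synced next to
# a module with authentication, a source restriction and listing disabled.
SAMPLE_CONF = """
# constructed rsyncd.conf for illustration
uid = nobody
gid = nogroup
use chroot = yes

[public]
    path = /srv/public
    comment = Anonymous Share
    read only = yes

[backups]
    path = /srv/backups
    auth users = backup
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/24
    list = no
"""

if __name__ == "__main__":
    for module, findings in audit_rsyncd(SAMPLE_CONF).items():
        print(f"[{module}]", findings or "no findings")
```

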