HackTheBox CodeTwo Writeup
A walkthrough of the HackTheBox 'CodeTwo' machine which is Easy rated linux box. This write-up covers initial access, privilege escalation, and post-exploitation techniques.
RECONNAISSANCE
NMAP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
──(dollarboysushil㉿kali)-[~/Documents/HTB_BOXES/codetwo]
└─$ nmap -sC -sV 10.129.141.70
Starting Nmap 7.95 ( https://nmap.org ) at 2025-08-18 02:21 EDT
Nmap scan report for 10.129.141.70
Host is up (0.28s latency).
Not shown: 998 closed tcp ports (reset)
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.2p1 Ubuntu 4ubuntu0.13 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 3072 a0:47:b4:0c:69:67:93:3a:f9:b4:5d:b3:2f:bc:9e:23 (RSA)
| 256 7d:44:3f:f1:b1:e2:bb:3d:91:d5:da:58:0f:51:e5:ad (ECDSA)
|_ 256 f1:6b:1d:36:18:06:7a:05:3f:07:57:e1:ef:86:b4:85 (ED25519)
8000/tcp open http Gunicorn 20.0.4
|_http-server-header: gunicorn/20.0.4
|_http-title: Welcome to CodeTwo
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.47 seconds
⚠️ Notice:
This challenge is currently active on HackTheBox.
In accordance with HackTheBox's content policy, this writeup will be made publicly available only after the challenge is retired.
For hints or to chat with the community, join the Dollar T.V Discord server
or send DM on Twitter (X) dollarboysushil.
This challenge is currently active on HackTheBox.
In accordance with HackTheBox's content policy, this writeup will be made publicly available only after the challenge is retired.
For hints or to chat with the community, join the Dollar T.V Discord server
or send DM on Twitter (X) dollarboysushil.
This post is licensed under
CC BY 4.0
by the author.