<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Season-10 on kanyo's blog</title><link>https://chaelsoo.me/tags/season-10/</link><description>Recent content in Season-10 on kanyo's blog</description><generator>Hugo -- gohugo.io</generator><language>en-gb</language><lastBuildDate>Sat, 07 Mar 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://chaelsoo.me/tags/season-10/index.xml" rel="self" type="application/rss+xml"/><item><title>HTB Season 10: CCTV</title><link>https://chaelsoo.me/writeups/htb-cctv/</link><pubDate>Sat, 07 Mar 2026 00:00:00 +0000</pubDate><guid>https://chaelsoo.me/writeups/htb-cctv/</guid><description>&lt;p&gt;CCTV is a Linux Easy box with a network flavor you don&amp;rsquo;t see as often on Easy-rated machines. The surveillance theme is consistent throughout. You&amp;rsquo;re watching the system, and the system is watching you back. Passive analysis plays a bigger role here than brute force.&lt;/p&gt;
&lt;h2 id="whats-inside"&gt;What&amp;rsquo;s Inside&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;A surveillance software stack with a web interface worth poking around&lt;/li&gt;
&lt;li&gt;Network traffic that reveals more than the UI does&lt;/li&gt;
&lt;li&gt;A hidden service that only shows up once you&amp;rsquo;re listening in the right place&lt;/li&gt;
&lt;li&gt;A short pivot from that service to a root shell&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;HTB Season 10 is still active. Full writeup drops once this machine retires.&lt;/p&gt;</description></item><item><title>HTB Season 10: Pirate</title><link>https://chaelsoo.me/writeups/htb-pirate/</link><pubDate>Sat, 28 Feb 2026 00:00:00 +0000</pubDate><guid>https://chaelsoo.me/writeups/htb-pirate/</guid><description>&lt;p&gt;Pirate is a Windows Hard box and earns the rating. It&amp;rsquo;s a multi-stage Active Directory environment where no single step gets you very far on its own. The path to Domain Admin is built from several smaller wins stacked on top of each other. The kind of machine you want to take notes on.&lt;/p&gt;
&lt;h2 id="whats-inside"&gt;What&amp;rsquo;s Inside&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;A realistic Active Directory environment with multiple users, groups, and services in play&lt;/li&gt;
&lt;li&gt;Early enumeration that rewards thoroughness over speed&lt;/li&gt;
&lt;li&gt;At least two distinct AD misconfigurations that each open a new door&lt;/li&gt;
&lt;li&gt;A final escalation that ties the chain together, satisfying when it clicks&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;HTB Season 10 is still active. Full writeup drops once this machine retires.&lt;/p&gt;</description></item><item><title>HTB Season 10: Interpreter</title><link>https://chaelsoo.me/writeups/htb-interpreter/</link><pubDate>Sat, 21 Feb 2026 00:00:00 +0000</pubDate><guid>https://chaelsoo.me/writeups/htb-interpreter/</guid><description>&lt;p&gt;Interpreter is a Linux Medium that puts a healthcare integration platform in the spotlight. The domain context adds some flavor. Think HL7, FHIR-adjacent tooling, the kind of software that runs hospitals and rarely sees a pentest. Getting in is one thing; what happens after is the more memorable part.&lt;/p&gt;
&lt;h2 id="whats-inside"&gt;What&amp;rsquo;s Inside&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;A web-facing integration platform with an exploitable component&lt;/li&gt;
&lt;li&gt;Enough context clues in the app to understand what you&amp;rsquo;re targeting&lt;/li&gt;
&lt;li&gt;A foothold that requires reading the application&amp;rsquo;s behavior carefully&lt;/li&gt;
&lt;li&gt;A privilege escalation involving code execution in an unexpected context. This one sticks with you&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;HTB Season 10 is still active. Full writeup drops once this machine retires.&lt;/p&gt;</description></item><item><title>HTB Season 10: WingData</title><link>https://chaelsoo.me/writeups/htb-wingdata/</link><pubDate>Sat, 14 Feb 2026 00:00:00 +0000</pubDate><guid>https://chaelsoo.me/writeups/htb-wingdata/</guid><description>&lt;p&gt;WingData is a Linux Easy box that keeps things straightforward. Exposed service, weak credentials, misconfigured sudo. It&amp;rsquo;s the kind of machine that teaches good enumeration habits more than anything else.&lt;/p&gt;
&lt;h2 id="whats-inside"&gt;What&amp;rsquo;s Inside&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;An FTP service running a version worth looking up&lt;/li&gt;
&lt;li&gt;Credentials that need a bit of offline work to crack&lt;/li&gt;
&lt;li&gt;A foothold that requires patience more than cleverness&lt;/li&gt;
&lt;li&gt;A sudo misconfiguration that closes things out quickly once you&amp;rsquo;re in&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;HTB Season 10 is still active. Full writeup drops once this machine retires.&lt;/p&gt;</description></item><item><title>HTB Season 10: Pterodactyl</title><link>https://chaelsoo.me/writeups/htb-pterodactyl/</link><pubDate>Sat, 07 Feb 2026 00:00:00 +0000</pubDate><guid>https://chaelsoo.me/writeups/htb-pterodactyl/</guid><description>&lt;p&gt;Pterodactyl is a Linux Medium that puts a popular open source game server panel front and center. If you&amp;rsquo;ve ever set up a Minecraft or game hosting environment, the interface will feel familiar, which makes spotting what&amp;rsquo;s wrong with it a bit more satisfying.&lt;/p&gt;
&lt;h2 id="whats-inside"&gt;What&amp;rsquo;s Inside&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;A known vulnerability in a widely deployed panel. Enumeration pays off here&lt;/li&gt;
&lt;li&gt;Database access as a stepping stone, not the final goal&lt;/li&gt;
&lt;li&gt;Credential reuse across services (classic, but it works)&lt;/li&gt;
&lt;li&gt;A privilege escalation that builds naturally on what you already have&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;HTB Season 10 is still active. Full writeup drops once this machine retires.&lt;/p&gt;</description></item><item><title>HTB Season 10: Facts</title><link>https://chaelsoo.me/writeups/htb-facts/</link><pubDate>Sat, 31 Jan 2026 00:00:00 +0000</pubDate><guid>https://chaelsoo.me/writeups/htb-facts/</guid><description>&lt;p&gt;Facts is a Linux Easy box with a clean, grounded feel. The kind of machine where the attack surface is right in front of you if you bother to look carefully at the web app.&lt;/p&gt;
&lt;h2 id="whats-inside"&gt;What&amp;rsquo;s Inside&lt;/h2&gt;
&lt;ul&gt;
&lt;li&gt;A content management system doing more than it should be&lt;/li&gt;
&lt;li&gt;Some cloud storage integration that leaks more than intended&lt;/li&gt;
&lt;li&gt;Credentials hiding in places people forget to clean up&lt;/li&gt;
&lt;li&gt;A privilege escalation that&amp;rsquo;s more creative than your typical SUID hunt&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;HTB Season 10 is still active. Full writeup drops once this machine retires.&lt;/p&gt;</description></item></channel></rss>