Post

HTB Facts Writeup – Full Walkthrough

A Hack The Box Facts writeup, the first box from Season 10 - Underground. This is a Linux machine and is rated easy. Facts was released on 2026-01-31.

Posted
Preview Image
By Xyniath
2 min read
HTB Facts Writeup – Full Walkthrough

Achievement

Add Facts to /etc/hosts

1

10.129.18.223           facts.htb

Info

  • Target: 10.129.18.223
  • Difficulty: Easy
  • OS: Linux

Enumeration

Initial Nmap scan

1

nmap -sC -sV -oN nmap -p- --min-rate 10000 facts.htb

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94

Nmap scan report for facts.htb (10.129.18.218)
Host is up (0.022s latency).
Not shown: 65532 closed tcp ports (reset)
PORT      STATE SERVICE VERSION
22/tcp    open  ssh     OpenSSH 9.9p1 Ubuntu 3ubuntu3.2 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey: 
|   256 4d:d7:b2:8c:d4:df:57:9c:a4:2f:df:c6:e3:01:29:89 (ECDSA)
|_  256 a3:ad:6b:2f:4a:bf:6f:48:ac:81:b9:45:3f:de:fb:87 (ED25519)
80/tcp    open  http    nginx 1.26.3 (Ubuntu)
54321/tcp open  http    Golang net/http server
|_http-server-header: MinIO
| fingerprint-strings: 
|   FourOhFourRequest: 
|     HTTP/1.0 400 Bad Request
|     Accept-Ranges: bytes
|     Content-Length: 303
|     Content-Type: application/xml
|     Server: MinIO
|     Strict-Transport-Security: max-age=31536000; includeSubDomains
|     Vary: Origin
|     X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
|     X-Amz-Request-Id: 188FE632F81B2383
|     X-Content-Type-Options: nosniff
|     X-Xss-Protection: 1; mode=block
|     Date: Sat, 31 Jan 2026 19:04:45 GMT
|     <?xml version="1.0" encoding="UTF-8"?>
|     <Error><Code>InvalidRequest</Code><Message>Invalid Request (invalid argument)</Message><Resource>/nice ports,/Trinity.txt.bak</Resource><RequestId>188FE632F81B2383</RequestId><HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId></Error>
|   GenericLines, Help, RTSPRequest, SSLSessionReq: 
|     HTTP/1.1 400 Bad Request
|     Content-Type: text/plain; charset=utf-8
|     Connection: close
|     Request
|   GetRequest: 
|     HTTP/1.0 400 Bad Request
|     Accept-Ranges: bytes
|     Content-Length: 276
|     Content-Type: application/xml
|     Server: MinIO
|     Strict-Transport-Security: max-age=31536000; includeSubDomains
|     Vary: Origin
|     X-Amz-Id-2: dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8
|     X-Amz-Request-Id: 188FE62F6850AE2B
|     X-Content-Type-Options: nosniff
|     X-Xss-Protection: 1; mode=block
|     Date: Sat, 31 Jan 2026 19:04:29 GMT
|     <?xml version="1.0" encoding="UTF-8"?>
|     <Error><Code>InvalidRequest</Code><Message>Invalid Request (invalid argument)</Message><Resource>/</Resource><RequestId>188FE62F6850AE2B</RequestId><HostId>dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId></Error>
|   HTTPOptions: 
|     HTTP/1.0 200 OK
|     Vary: Origin
|     Date: Sat, 31 Jan 2026 19:04:29 GMT
|_    Content-Length: 0
|_http-title: Did not follow redirect to http://facts.htb:9001
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port54321-TCP:V=7.98%I=7%D=1/31%Time=697E523E%P=aarch64-unknown-linux-g
SF:nu%r(GenericLines,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Typ
SF:e:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x
SF:20Bad\x20Request")%r(GetRequest,2B0,"HTTP/1\.0\x20400\x20Bad\x20Request
SF:\r\nAccept-Ranges:\x20bytes\r\nContent-Length:\x20276\r\nContent-Type:\
SF:x20application/xml\r\nServer:\x20MinIO\r\nStrict-Transport-Security:\x2
SF:0max-age=31536000;\x20includeSubDomains\r\nVary:\x20Origin\r\nX-Amz-Id-
SF:2:\x20dd9025bab4ad464b049177c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8\
SF:r\nX-Amz-Request-Id:\x20188FE62F6850AE2B\r\nX-Content-Type-Options:\x20
SF:nosniff\r\nX-Xss-Protection:\x201;\x20mode=block\r\nDate:\x20Sat,\x2031
SF:\x20Jan\x202026\x2019:04:29\x20GMT\r\n\r\n<\?xml\x20version=\"1\.0\"\x2
SF:0encoding=\"UTF-8\"\?>\n<Error><Code>InvalidRequest</Code><Message>Inva
SF:lid\x20Request\x20\(invalid\x20argument\)</Message><Resource>/</Resourc
SF:e><RequestId>188FE62F6850AE2B</RequestId><HostId>dd9025bab4ad464b049177
SF:c95eb6ebf374d3b3fd1af9251148b658df7ac2e3e8</HostId></Error>")%r(HTTPOpt
SF:ions,59,"HTTP/1\.0\x20200\x20OK\r\nVary:\x20Origin\r\nDate:\x20Sat,\x20
SF:31\x20Jan\x202026\x2019:04:29\x20GMT\r\nContent-Length:\x200\r\n\r\n")%
SF:r(RTSPRequest,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Type:\x
SF:20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n400\x20Ba
SF:d\x20Request")%r(Help,67,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent
SF:-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\x20close\r\n\r\n4
SF:00\x20Bad\x20Request")%r(SSLSessionReq,67,"HTTP/1\.1\x20400\x20Bad\x20R
SF:equest\r\nContent-Type:\x20text/plain;\x20charset=utf-8\r\nConnection:\
SF:x20close\r\n\r\n400\x20Bad\x20Request")%r(FourOhFourRequest,2CB,"HTTP/1
SF:\.0\x20400\x20Bad\x20Request\r\nAccept-Ranges:\x20bytes\r\nContent-Leng
SF:th:\x20303\r\nContent-Type:\x20application/xml\r\nServer:\x20MinIO\r\nS
SF:trict-Transport-Security:\x20max-age=31536000;\x20includeSubDomains\r\n
SF:Vary:\x20Origin\r\nX-Amz-Id-2:\x20dd9025bab4ad464b049177c95eb6ebf374d3b
SF:3fd1af9251148b658df7ac2e3e8\r\nX-Amz-Request-Id:\x20188FE632F81B2383\r\
SF:nX-Content-Type-Options:\x20nosniff\r\nX-Xss-Protection:\x201;\x20mode=
SF:block\r\nDate:\x20Sat,\x2031\x20Jan\x202026\x2019:04:45\x20GMT\r\n\r\n<
SF:\?xml\x20version=\"1\.0\"\x20encoding=\"UTF-8\"\?>\n<Error><Code>Invali
SF:dRequest</Code><Message>Invalid\x20Request\x20\(invalid\x20argument\)</
SF:Message><Resource>/nice\x20ports,/Trinity\.txt\.bak</Resource><RequestI
SF:d>188FE632F81B2383</RequestId><HostId>dd9025bab4ad464b049177c95eb6ebf37
SF:4d3b3fd1af9251148b658df7ac2e3e8</HostId></Error>");
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Sat Jan 31 19:05:29 2026 -- 1 IP address (1 host up) scanned in 72.51 seconds
⚠️

Oh No! This Machine is Still Active!

Facts is currently ACTIVE on Hack The Box. To adhere with Hack the Box’s community guidelines, the remainder of this post will be locked until the machine is retired.

For hints or discussion, join the community on the Hack The Box Discord.

Happy Hacking! 👾

Writeups, HTB
easy hack the box write-up linux cve season 10
This post is licensed under CC BY 4.0 by the author.