🏋Hack the Box Buff Write-up 🏋

Robert Scocca
Jan 24, 2021

Buff is a relatively beginner-friendly machine. This write-up is similarly geared towards beginners to Hack the Box (HTB) and pen-testing/ethical hacking in general. Things like hacking phases and what a shell is will be explained in more depth than in the average HTB write-up.

This machine is also great for beginners because it employs techniques that are common in Hack the Box and other vulnerable machine platforms. Things like starting a netcat shell and a Python web server are done several times, which is great practice.


There are a few things you need to get started hacking something in Hack the Box: a Linux system to act as your attacking host and a Hack the Box account.

1. Install a Kali Linux Virtual Machine on your host. I recommend this guide:

2. To create an HTB account, I recommend this guide. Try creating one on your own for an hour or two first:

3. Then follow the steps on their web UI to connect to the HTB VPN:

4. Then reset the Buff machine to ensure that it’s up and running properly.

Now let’s get started…

Enumeration Phase

What is the Enumeration Phase? Every hack begins with gathering as much information as you can about the target. In the Enumeration Phase you run port scanners like nmap and research extensively what they reveal about the target. The goal of the Enumeration Phase is to find a working exploitation vector, a.k.a. a vulnerable program.