Introduction: Unleashing the Challenge
Hacking into boxes on Hack The Box (HTB) is like solving a thrilling mystery. Each challenge tests your technical skills, logical thinking, and patience. One of the beginner-friendly but deeply engaging boxes is “Dog” — a medium-difficulty Linux machine that’s loved by many ethical hackers for its clever twist and layered vulnerability path.
This article offers the most detailed and easy-to-follow Dog HTB writeup. Whether you’re new to HTB or brushing up on your skills, this guide will take you step by step — from enumeration to getting root. Let’s dive into the paws of this canine-themed box and crack it together!
What is HTB and Why Dog Box Matters
Hack The Box is a leading online cybersecurity training platform that provides virtual machines for penetration testing practice. Boxes like Dog help budding cybersecurity enthusiasts improve their real-world hacking skills in a legal and controlled environment. You can sign up and explore labs on the official Hack The Box platform.
Dog is a Linux box that blends several concepts — from basic enumeration to file inclusion and privilege escalation. It’s a solid learning experience for beginners and intermediate players alike.
Step 1: Enumeration is the Key
Run an Nmap Scan
Start with a classic Nmap scan:
nmap -sC -sV -oN dog.nmap <target-ip>
Look out for open ports. You’ll typically find:
Port 22 (SSH)
Port 80 (HTTP)
The HTTP service will be your first clue. Visit it in a browser and take notes.
Web Server Analysis
Open the website hosted on port 80. You’ll likely find a pet adoption site or a dog-themed portal. Inspect the page for clues. Use Gobuster to brute-force directories:
gobuster dir -u http://<target-ip> -w /usr/share/wordlists/dirb/common.txt
Pay attention to folders like /backup, /admin, or hidden files such as .bak.
Step 2: Exploiting Local File Inclusion (LFI)
After discovering vulnerable PHP scripts, test for LFI:
http://<target-ip>/index.php?page=../../../../etc/passwd
If this works, you’re in business. You can now read local files. Your goal? Look for usernames, SSH keys, and config files that might help you escalate privileges or access accounts. LFI is a serious vulnerability that allows reading sensitive files. Learn more in this OWASP guide on Local File Inclusion (LFI).
Step 3: Gaining Shell Access
With the LFI vulnerability confirmed, try using it to extract private SSH keys. For example:
http://<target-ip>/index.php?page=../../../../home/user/.ssh/id_rsa
Download the key, change permissions, and SSH in:
chmod 600 id_rsa
ssh -i id_rsa user@<target-ip>
Boom! You’re in. But don’t bark yet — you’ve only reached the user level.
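Seen from the web server's side, the two requests in Steps 2 and 3 leave a clear trail in the access log. The following is an added example, not part of the original writeup: a small detector that decodes the query string (including double percent-encoding) and flags traversal sequences and sensitive file targets. The log lines, client address and regex rule set are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; the client IP is a documentation address.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /index.php?page=..%2f..%2f..%2f..%2fhome/user/.ssh/id_rsa HTTP/1.1" 200 2602',
    '203.0.113.7 - - [01/Jan/2025:10:00:12 +0000] "GET /index.php?page=%252e%252e%252fetc%252fshadow HTTP/1.1" 404 0',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) (\d+|-)')
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
SENSITIVE_RE = re.compile(r'etc/(?:passwd|shadow)|\.ssh/|id_rsa|authorized_keys')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded traversal (%252e) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return a finding dict for a suspicious request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target, status = m.group(1), int(m.group(2))
    # parse_qsl decodes once; fully_decode handles any further encoding layers.
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        traversal = bool(TRAVERSAL_RE.search(value))
        sensitive = bool(SENSITIVE_RE.search(value))
        if traversal or sensitive:
            # A 200 on a sensitive path means the file was probably served.
            severity = "high" if status == 200 and sensitive else "medium"
            return {"param": name, "value": value, "status": status, "severity": severity}
    return None

def scan(lines):
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in map(scan_line, lines) if f]
```

A high-severity hit on a key file such as id_rsa should be treated as a credential compromise: rotate the key and review SSH logins that followed the request.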
Step 4: Privilege Escalation
Look for Sudo Permissions
Use:
sudo -l
Check for commands you can run as root. One common escalation method might involve nano, vim, or less. If you can run one of these as root, exploit their shell-escape features:
sudo nano
^R^X (read file)
CTRL+T (execute command)
Or maybe there’s a script in /home or /opt that runs with root privileges but is writable. Inject your payload and elevate yourself.
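The same sudo -l output is what an administrator should audit before an attacker reads it. The following is an added example, not part of the original writeup: it parses sudo -l output and flags the two conditions described above, programs with shell-escape features and root-run scripts under /home or /opt. The sample output, host name and /opt/backup/run.sh path are constructed, and the program list covers only the three editors and pagers the article names.

```python
import re

# Constructed `sudo -l` output; host, user and the /opt path are hypothetical.
SAMPLE_SUDO_L = """\
Matching Defaults entries for user on dog:
    env_reset, mail_badpass

User user may run the following commands on dog:
    (root) NOPASSWD: /usr/bin/nano
    (ALL : ALL) /usr/bin/less /var/log/syslog
    (root) /usr/sbin/nginx -t
    (root) NOPASSWD: /opt/backup/run.sh
"""

# "(runas) [TAG: ...] command[, command...]" lines from the rules section.
ENTRY_RE = re.compile(r'^\s+\(([^)]*)\)\s+((?:[A-Z]+:\s*)*)(.+)$')
SHELL_ESCAPE = {"nano", "vim", "less"}        # programs the article names; extend as needed
USER_CONTROLLED_DIRS = ("/home/", "/opt/")    # locations the article names

def audit_sudo_l(text):
    """Return risky sudo rules that let the user act as root."""
    findings = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        runas, tags, cmds = m.groups()
        if runas.split(":")[0].strip() not in ("root", "ALL"):
            continue  # rule does not grant root
        nopasswd = "NOPASSWD:" in tags
        for cmd in (c.strip() for c in cmds.split(",")):
            binary = cmd.split()[0]
            name = binary.rsplit("/", 1)[-1]
            reasons = []
            if name in SHELL_ESCAPE:
                # A fixed file argument does not remove the escape feature.
                reasons.append("shell-escape capable program")
            if binary.startswith(USER_CONTROLLED_DIRS):
                reasons.append("script outside system paths; check ownership and write bits")
            if cmd == "ALL":
                reasons.append("unrestricted command set")
            if reasons:
                findings.append({"command": cmd, "nopasswd": nopasswd, "reasons": reasons})
    return findings
```

Where a user only needs to edit one file as root, a sudoedit rule for that specific path avoids running the editor itself with root privileges.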
Bonus: Using LinPEAS or pspy
To speed up the privilege escalation hunt, use tools like:
./linpeas.sh
or monitor processes with:
./pspy64
These tools highlight weaknesses like writable cron jobs, exposed environment variables, or misconfigured binaries.
Root Access — Congratulations!
After privilege escalation, use:
whoami
You should now see root. Grab the final flag from:
cat /root/root.txt
You’ve officially conquered the Dog HTB writeup challenge!
Technical Summary
| Step | Tool/Command | Purpose |
|---|---|---|
| Enumeration | nmap, gobuster | Discover open ports and directories |
| Vulnerability | Manual inspection | Find LFI vulnerabilities |
| Shell Access | Extract SSH key via LFI | SSH login with private key |
| Escalation | sudo -l, linpeas.sh, pspy | Identify privilege escalation paths |
| Root | Exploit script/sudo permissions | Gain root access |
Lessons Learned
Always perform thorough enumeration.
LFI can lead to critical access if chained properly.
Sudo permissions are often the key to escalation.
Tools like LinPEAS and pspy are invaluable for automation.
This Dog HTB writeup teaches that patience, curiosity, and clear thinking are your strongest allies.
Conclusion: You Tamed the Dog
Cracking this box wasn’t just about hacking a system — it was about learning the art of ethical exploitation. With proper enumeration, exploiting LFI, grabbing credentials, and escalating privileges, you’ve completed a major step in your HTB journey.
The Dog HTB writeup offers a full-circle view of what real-world penetration testing looks like — layered, intelligent, and fun.
Final Thoughts
Every HTB box teaches a lesson, and Dog’s lesson is clear: never underestimate simple vulnerabilities. By chaining basic attacks, you can achieve full control. So, keep hacking, stay ethical, and remember — the best hackers are the most curious learners.
FAQs About Dog HTB Writeup
Q1. What is the difficulty level of Dog on HTB?
Dog is rated as a medium-difficulty box but is beginner-friendly if you’ve already done basic HTB machines.
Q2. Can I do Dog HTB writeup without tools?
Not really. You’ll need tools like Nmap, Gobuster, and SSH. Optional tools like LinPEAS help with escalation.
Q3. Is Dog good for beginners?
Yes! Dog is often recommended as a great starter machine after completing “Lame” or “Beep”.
Q4. What skills do I need?
Basic knowledge of Linux commands, Nmap scanning, and vulnerability analysis (especially LFI and privilege escalation).
Q5. Can I share my writeup?
Only after the box is retired. HTB rules prohibit sharing walkthroughs of active boxes.