Hack The Box — Haircut: Walkthrough (without Metasploit)

David Tse
11 min readMar 7, 2021


As usual, start with nmap scanning.

$ nmap -sC -sV -Pn -oN nmap.txt -T4 
Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower.
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-06 23:34 HKT
Nmap scan report for
Host is up (0.045s latency).
Not shown…
David Tse

Cyber Security Enthusiast | OSCP | OSWE