HTB Silentium — My first HTB machine without an official writeup

This box wrecked me for a few hours — not because it was complicated, but because I kept going in the wrong direction. I came out the other side actually understanding what I did though, which is the point.
Difficulty: Easy
OS: Linux
Recon
Only two ports open — SSH and HTTP. The main site at silentium.htb is a static fintech page with three staff members listed by name and role. That's not decoration — the box is nudging you toward valid usernames.
Vhost enumeration reveals staging.silentium.htb running Flowise 3.0.5, an open-source AI agent builder with its own login.
Finding the Valid User
Flowise’s login endpoint leaks whether an email exists or not through different HTTP status codes — 404 for unknown users, 401 for wrong password. That’s enough to confirm ben@silentium.htb as a valid account without knowing the password.
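The status-code difference described above, next to a login check that closes it, as an added example that is not part of the original writeup and is not Flowise's code. The function names, response messages and sample password are constructed for illustration; only the 404/401 behaviour and the email address come from the text.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed user store: the address is the one named in the writeup,
# the password is made up for this example.
USERS = {"ben@silentium.htb": make_record("constructed-sample-password")}

# Dummy record so an unknown email costs the same hashing work as a known one,
# which keeps response timing from replacing the status code as the oracle.
DUMMY_SALT, DUMMY_HASH = make_record(os.urandom(16).hex())


def login_leaky(email: str, password: str):
    """Behaviour described above: the status code reveals whether the account exists."""
    record = USERS.get(email)
    if record is None:
        return 404, {"message": "User not found"}        # constructed message
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return 401, {"message": "Incorrect password"}    # constructed message
    return 200, {"message": "ok"}


def login_uniform(email: str, password: str):
    """Same check, but every failure is byte-for-byte identical to the client."""
    salt, stored = USERS.get(email, (DUMMY_SALT, DUMMY_HASH))
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    # Membership is re-checked so a match against the dummy record never logs in.
    if email in USERS and matches:
        return 200, {"message": "ok"}
    return 401, {"message": "Invalid email or password"}
```

A uniform response removes the oracle but not the guessing itself, so per-client rate limiting on the login route is still needed.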
Full writeup — members only
The complete exploit chain, commands, and methodology are available to members on Buy Me a Coffee.