
Starting the box


Link to the box: https://app.hackthebox.com/machines/Pterodactyl

Port Scan

We start off the box by running a port scan on the provided IP.
Attacker Linux
rustscan --ulimit 5000 -a 10.129.16.216 -r 1-65535 -- -A -vvv -oN Pterodactyl
Output of Rustscan:
Terminal Output
Open 10.129.16.216:22
Open 10.129.16.216:80
Output of Nmap:
Terminal Output
PORT   STATE SERVICE REASON         VERSION
22/tcp open  ssh     syn-ack ttl 63 OpenSSH 9.6 (protocol 2.0)
| ssh-hostkey:
|   256 a3:74:1e:a3:ad:02:14:01:00:e6:ab:b4:18:84:16:e0 (ECDSA)
| ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOouXDOkVrDkob+tyXJOHu3twWDqor3xlKgyYmLIrPasaNjhBW/xkGT2otP1zmnkTUyGfzEWZGkZB2Jkaivmjgc=
|   256 65:c8:33:17:7a:d6:52:3d:63:c3:e4:a9:60:64:2d:cc (ED25519)
|_ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJTXNuX5oJaGQJfvbga+jM+14w5ndyb0DN0jWJHQCDd9
80/tcp open  http    syn-ack ttl 63 nginx 1.21.5
|_http-server-header: nginx/1.21.5
|_http-title: Did not follow redirect to http://pterodactyl.htb/
| http-methods:
|_  Supported Methods: GET HEAD POST OPTIONS
A few key notes:
  • Port 22 (SSH) - Only accepts ECDSA and ED25519 keys, no password authentication visible yet.
  • Port 80 (HTTP) - Redirects to http://pterodactyl.htb/. Running Nginx 1.21.5.

Edit the Hosts file

As always, we edit the /etc/hosts file to add the hostname:
Attacker Linux
sudo nano /etc/hosts
/etc/hosts
Nano Interface
10.129.16.216 pterodactyl.htb
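
The same step can be scripted: take the hostname from the redirect nmap reported and add it to a hosts file only if it is not already mapped. This is an added example, not part of the original writeup; the function names and the embedded sample are constructed for illustration, and the demo writes to a scratch file rather than /etc/hosts.

```sh
#!/bin/sh
# Added example (not from the writeup): redirect hostname -> hosts entry.

# Constructed sample: two lines of the nmap output shown above.
sample_scan() {
cat <<'EOF'
80/tcp open  http    syn-ack ttl 63 nginx 1.21.5
|_http-title: Did not follow redirect to http://pterodactyl.htb/
EOF
}

# Print each hostname that nmap's http-title script reported a redirect to.
redirect_hosts() {
  sed -nE 's#.*Did not follow redirect to https?://([^/:[:space:]]+).*#\1#p' | sort -u
}

# add_host_entry IP HOST FILE: append "IP HOST" unless HOST is already mapped.
# HOST comes from a server-controlled redirect, so it is validated before it
# is written to a file that is normally root-owned.
add_host_entry() {
  ip=$1 host=$2 file=$3
  case $ip in ''|*[!0-9.]*) echo "bad IPv4 address" >&2; return 2 ;; esac
  case $host in
    ''|-*|.*|*[!A-Za-z0-9.-]*) echo "bad hostname" >&2; return 2 ;;
  esac
  # Already present as a name on a non-comment line? Then do nothing.
  if awk -v h="$host" '!/^[[:space:]]*#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                       END { exit !found }' "$file"; then
    return 0
  fi
  printf '%s %s\n' "$ip" "$host" >> "$file"
}

# Demo against a scratch file; pass /etc/hosts (as root) for real use.
demo() {
  scratch=$(mktemp)
  for h in $(sample_scan | redirect_hosts); do
    add_host_entry 10.129.16.216 "$h" "$scratch"
    add_host_entry 10.129.16.216 "$h" "$scratch"   # second call is a no-op
  done
  cat "$scratch"; rm -f "$scratch"
}
demo
```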

Active Box


This box is currently still active on Hack The Box. The full writeup will be available when the box is retired. Feel free to reach out to me on LinkedIn or Discord for nudges and sanity checks.
Last modified on February 18, 2026