{"target":{"id":"hackthebox-easy","name":"HackTheBox 'Lame' (Retired)","category":"Network Pentest","difficulty":"Beginner","vulns_known":1,"legal_notice":"HackTheBox retired 'easy' machine. Lame is in HTB Academy free tier. Explicitly licensed for practice and writeups.","docker":"N/A (live HTB VPN box)","url_demo":"HTB Academy","kills":["vsftpd 2.3.4 backdoor → root shell in 4 minutes","Full writeup published on tarun blog post-show"]},"script":[{"ts":"00:00–00:05","shot":"Tarun logo slam, glitch transition, synth bass drop","voice":"target locked: HackTheBox 'Lame' (Retired).","screen":"Black → target logo → terminal opens"},{"ts":"00:05–00:15","shot":"Typing sequence: subfinder + httpx + nuclei","voice":"passive recon. mapped 1 live assets. one stands out.","screen":"Live terminal output streaming"},{"ts":"00:15–00:30","shot":"Vuln hypothesis + manual probe","voice":"this looks like a network pentest playground. testing the obvious.","screen":"Curl → response with injection sink highlighted"},{"ts":"00:30–00:55","shot":"Exploit chain: finding → POC → proof","voice":"and we have a beginner-difficulty kill. root in 60 seconds.","screen":"shell pop. whoami. cat /etc/passwd. screenshot."},{"ts":"00:55–01:25","shot":"Tarun commentary + 'why this matters' overlay","voice":"the same bug class lives in production. here's what defenders miss.","screen":"Side-by-side: vulnerable training app vs real-world CVE"},{"ts":"01:25–01:30","shot":"Logo card, subscribe, 'next target: ___'","voice":"next target, in 24 hours. follow the build.","screen":"Tarun logo + social links + countdown to next show"}],"runtime_seconds":90,"render_assets":{"voice_needed":true,"music_track":"synthwave_90s.mp3 (royalty-free)","captions":"auto-generated, English, branded"}}