Day 78: HTB

Diddy Doodat
2 min readMar 18, 2019

Have you heard about Hack the Box? I hope so, it’s literally so damn good words can’t express how thankful I am to the creators. If you have not, it’s an online platform to test and advance your skills in penetration testing and cyber security. Awsome.

If you can afford it or work will pay, get the VIP subscription because then you don’t have to deal with nearly half as many pesky resets mid-priv. esc. etc, in fact, mostly none at all as they fill labs nicely and not over pack.

I am about to spend the evening on, it’s been a while, but before I do let me share how I usually set up my environment. I grab a list of the IPs and add it to hosts.txt with boxname.htb, this helps for some hidden content that can only be found when requesting with the host, all boxes should follow this format but might not use it in any way. Below is a list of the current ones to get you started.

Current List of Targets for /etc/hosts frolic.htb curling.htb vault.htb redcross.htb irked.htb bighead.htb teacher.htb lightweight.htb chaos.htb conceal.htb sizzle.htb help.htb flujab.htb ctf.htb friendzone.htb querier.htb hackback.htb netmon.htb fortune.htb arkham.htb


Then to keep all my content and testing organized I run this command. Save the list above as targets.txt in a directory like HackTheBox.

for dir in $(cat targets.txt | cut -d" " -f2); do mkdir $dir; done

You should be left with this…

Now you can spend the evening hacking away with a nicely organized set-up with all the hosts ready to use, like so…

nmap -sV -sC fortune.htb -oN initial-scan.nmap

If you are lazy like me …

Initial Scan

for dir in $(cat targets.txt | cut -d" " -f2); do cd ~/HackTheBox/$dir && nmap -sV -sC $dir -oN initial-scan.nmap; done

Vuln Scan

for dir in $(cat targets.txt | cut -d" " -f2); do cd ~/HackTheBox/$dir && nmap --script vuln $dir -oN vuln-scan.nmap; done

Happy Pwnage!