hACK tHE bOX - Medium
In preparation for HTB instituting a Flag Rotation Policy (which makes protecting writeups with the challenge/root flag impossible), Hack the Box is instituting new rules for writeups.
Active boxes are now protected using the root (*nix)/Administrator (Windows) password hashes. At this time Active Challenges will not be available, but most retired challenges are here. The username for all HTB Writeups is hackthebox.
any writeups posted after march 6, 2021 include a pdf from pentest.ws instead of a ctb Cherry Tree file.
I've seen several people "complaining" that those of us doing these writeups are not explaining "why" something needs to be added to /etc/hosts. Well, here's the why. If a website is expecting the DNS name and blocking IP requests (i.e http://10.10.11.105 NO and http://horizontall.htb YES) then we need to send the request as to the DNS name. Except without the entry into /etc/hosts, our machine has no idea who, what, when, or where http://horizontall.htb is in order to pull up the page. So, to those citing "plagerism" on these writeups for not explaining why and what /etc/hosts exists and does, let me say this "Penetration Testing expects you to understand basic networking, systems administration, DNS, Linux knowledge, and a lot more. If you don't know, LEARN before you start accusing people of something as serious as Plagerism." and yes, you can quote me on that.
UPDATE: Any writeups after April 6, 2023 will have a video walkthrough as well.
The Challenges in RED are ACTIVE Challenges and are not open until their retirement.
Forget me not
missing in action
we have a leak
What does the f say ?
baby ninja jinja
i know mag1k