Welcome to my Hack The Box (HTB) write-ups repository, a comprehensive collection of hands-on cybersecurity walkthroughs. This repository covers HTB Academy labs, challenges, and machines, including detailed step-by-step guides, screenshots, and relevant resources to help beginners and professionals sharpen their penetration testing and ethical hacking skills.
| Category | Subcategory | Description |
|---|---|---|
| Academy Labs | 00. Intro to Academy | Beginner guides with images, fundamentals of Linux, Windows, Networking, Web apps, Bash scripting, and JavaScript deobfuscation |
| 01. Pre-Engagement | Learning process, Penetration testing workflow, setup guides, Linux & Windows fundamentals, Networking basics, Web requests | |
| 02. Information Gathering | Nmap, Python scripting, DNS enumeration, OSINT, footprinting, corporate recon | |
| 03. Vulnerability Assessment | Vulnerability scanning and Metasploit usage | |
| 04. Exploitation | Password attacks, service exploitation, pivoting, AD enumeration | |
| 05. Web Exploitation | Web proxies, Ffuf, SQLi, XSS, File Inclusion, Command Injection, Web apps security | |
| 06. Post-Exploitation | Linux & Windows privilege escalation | |
| 07. Lateral Movement | Techniques for moving across networked systems | |
| 08. Proof-of-Concept | Buffer overflows, intro to assembly | |
| 09. Post-Engagement | Reporting, documentation, attacking enterprise networks | |
| 10. Misc | MacOS fundamentals, Secure coding, Whitebox pentesting |
| Challenges | Name | Description |
|---|---|---|
| 0ld is g0ld | Linux challenge | Beginner-friendly CTF |
| ArtificialUniversity | Linux/Windows challenge | Exploitation and enumeration |
| baby nginxatsu | Web exploitation | Nginx configuration exploitation |
| Baby RE | Reverse engineering | Binary analysis |
| Baby Time Capsule | Forensics | File recovery and timeline analysis |
| … | … | … |
| Under Construction | Various | Placeholder for future challenges |
⚡ Note: Each challenge folder contains step-by-step write-ups, screenshots, and supporting files.
| Machines | Difficulty | Type | Exploitation Techniques |
|---|---|---|---|
| BoardLight | Easy | Linux | CVE-2023-30253 |
| Canvas | Medium | Linux | Web app exploitation, LFI, SQLi |
| Curling | Medium | Linux | Network exploitation |
| Editor | Easy | Windows | Password attacks |
| Eternal-Loop | Hard | Linux | Privilege escalation |
| Fluffy | Medium | Windows | AD enumeration |
| … | … | … | … |
| Triangles | Hard | Linux | Advanced pivoting & post-exploitation |
🚀 Future Additions: Sherlock write-ups and more machines/challenges will be added regularly.
- Step-by-step walkthroughs: Designed for beginners and professionals alike.
- Visual guidance: Screenshots and images included in all labs.
- Hands-on learning: Focused on practical skills rather than theory.
- Covers multiple topics: Linux, Windows, Web, Networking, AD, Pentesting tools.
Contributions are highly welcome! You can submit pull requests or suggest improvements while adhering to HTB’s rules:
- Avoid spoilers for active machines.
- Focus on educational content and learning resources.
- Maintain clear and structured guides with images and references.
Build your cybersecurity skills safely and ethically. Happy hacking! 🚀