Introduction

Active boxes and challenges are not available at this time. Most retired boxes and challenges are listed below. Any writeups posted after March 6, 2021 include a PDF from pentest.ws instead of a CherryTree (CTB) file.

Note on /etc/hosts: I've seen several people "complaining" that those of us doing these writeups are not explaining "why" something needs to be added to /etc/hosts. Well, here's the why. If a website is expecting the DNS name and blocking IP requests (i.e http://10.10.11.105 NO and http://horizontall.htb YES) then we need to send the request as to the DNS name. Except without the entry into /etc/hosts, our machine has no idea who, what, when, or where http://horizontall.htb is in order to pull up the page. So, to those citing "plagerism" on these writeups for not explaining why and what /etc/hosts exists and does, let me say this "Penetration Testing expects you to understand basic networking, systems administration, DNS, Linux knowledge, and a lot more. If you don't know, LEARN before you start accusing people of something as serious as Plagerism." and yes, you can quote me on that.

UPDATE (April 6, 2023): All writeups from this date forward include video walkthroughs. Entries highlighted in green have video links.

Retired Easy Boxes

HTB Challenges

Red = Active (writeups locked until retirement)   |   Yellow = Retired but writeup not complete