HTB Easy Boxes and Challenges
Introduction
Active boxes and challenges are not available at this time. Most retired boxes and challenges are listed below. Any writeups posted after March 6, 2021 include a PDF from pentest.ws instead of a CherryTree (CTB) file.
Note on /etc/hosts: I've seen several people "complaining" that those of us doing these writeups are not explaining "why" something needs to be added to /etc/hosts. Well, here's the why. If a website is expecting the DNS name and blocking IP requests (i.e http://10.10.11.105 NO and http://horizontall.htb YES) then we need to send the request as to the DNS name. Except without the entry into /etc/hosts, our machine has no idea who, what, when, or where http://horizontall.htb is in order to pull up the page. So, to those citing "plagerism" on these writeups for not explaining why and what /etc/hosts exists and does, let me say this "Penetration Testing expects you to understand basic networking, systems administration, DNS, Linux knowledge, and a lot more. If you don't know, LEARN before you start accusing people of something as serious as Plagerism." and yes, you can quote me on that.
UPDATE (April 6, 2023): All writeups from this date forward include video walkthroughs. Entries highlighted in green have video links.
Retired Easy Boxes
HTB Challenges
Red = Active (writeups locked until retirement) | Yellow = Retired but writeup not complete
Crypto
- Baby Encryption
- Brainy's Cipher
- Classic, Yet Complicated
- Flipin Bank
- Lost modulus
- Luna crypt
- mysterybox
- Nuclear Safe
- Protein Cookies
- quick maffs
- Rlotto
- RSAiseasy
- Space Pirates
- Twoforone
- weak rsa
- xorxorxor
Forensics
- chase
- emo
- event Horizon
- export
- illumination
- Insider
- logger
- lure
- no place to hide
- peel back the layers
- Persistence
- S3cr3t_R3cip3
- took the bYte
- usb ripper
Hardware
- Chop Shop
- debugging interface
- factory
- Gawk
- line
- Mini Line
- Mission pinpossible
- Out of time
- secure digital
- signals
- the needle
- unique
- wander
- walkie hackie
Misc
- 0ld is g0ld
- art
- blackhole
- Canvas
- eternal loop
- fs0ciety
- inferno
- longbottom's locker
- Micro Storage
- Misdirection
- the secret of a queen
Mobile
- anchored
- APKey
- apkrypt
- cat
- don't overreact
- manager
- pinned
OSINT
- easy phish
- id exposed
- Intel
- money flowz
PWN
- bad grades
- bat computer
- blacksmith
- format
- HTB Console
- hunting
- Jeeves challenge
- leet test
- nightmare
- optimistic
- pwnshop
- racecar
- reg
- restaurant
- shooting star
- space
- you know 0xdiablos
Reversing
- anti flag
- Baby Crypt
- Baby RE
- bypass
- exatlon
- find the easy pass
- HackyBird
- hissss
- impossible password
- ircware
- ransom
- rauth
- Sekure Decrypt
- snake
- Tear or dear
- You Can't c Me
Stego
- Beatles
- blacksquare
- da vinci
- hackerman
- image processing 101
- milkshake
- pusheen loves graphs
- unified
- widescreen
Web
- abusehumandb
- baby CachedView
- baby auth
- baby bonechewercon
- baby breaking grad
- baby interdimensional internet
- baby nginxatus
- baby todo or not todo
- baby waffiles order
- baby website rick
- diogenes' rage
- emdee five for life
- full stack conf
- gunship
- looking glass
- lovetok
- petpet rcbee
- phonebook
- sanitize
- slippy
- templated
- toxic
- weather app