Adventures with Pentesting

Learning by doing with Hack The Box (HTB)

During these locked-down times I’ve started playing with Hack The Box, an online platform for practicing penetration testing against a lab of virtual machines designed for that purpose.

It’s some kind of gamified hacking: you have a profile, you earn points and you can level up. At HTB I’m gwarf.

It’s a great way to start learning pentesting without causing trouble, in a legitimate environment.

It’s fun to notice that even registering on the site requires you to find your way in (tip: look at the source, Luke).

Since the goal is to learn, it’s recommended to progress slowly. Even if you sometimes need to look for tips, especially at the beginning, the most important thing is to understand what’s happening.

And as with Bloodborne, even if you can/should look at tips, you always feel stronger and enjoy more dopamine when you succeed alone.

Starting with an HTB VM

  • Boot up your pentest VM (like Kali, Parrot or BlackArch)
  • Add the VM hostname to /etc/hosts (if the VM comes with a web server, it’s useful to be able to access it via both the IP and the expected VHost)
    • On HTB the VM hostname is usually the VM name + htb (for example, for book: book.htb)
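
One way to script the /etc/hosts step above so that repeated runs leave exactly one mapping per lab VM. This is an added example, not code from the original post; the function names, the HOSTS_FILE variable and the address in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, HOSTS_FILE and
# the sample address in the usage comment are assumptions made for illustration.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# Conventional lab hostname: VM name, lower-cased, plus ".htb" (Book -> book.htb).
htb_hostname() {
    printf '%s.htb\n' "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')"
}

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# set_htb_host NAME IP [FILE]: map NAME.htb to IP, exactly once, in FILE.
set_htb_host() {
    name=$1 ip=$2 file=${3:-$HOSTS_FILE}
    valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    case $name in
        ''|*[!A-Za-z0-9-]*) echo "invalid VM name: $name" >&2; return 1 ;;
    esac
    host=$(htb_hostname "$name")
    tmp=$(mktemp) || return 1
    # Remove the hostname from any earlier mapping so an old address cannot
    # shadow the new one; other names on the same line are kept.
    awk -v h="$host" '
        /^[[:space:]]*#/ || NF < 2 { print; next }
        {
            out = $1; kept = 0; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == h) hit = 1
                else { out = out " " $i; kept++ }
            }
            if (!hit) print
            else if (kept) print out
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\t%s\n' "$ip" "$host" >> "$tmp"
    # Write back through the existing file to keep its owner and mode.
    cat "$tmp" > "$file"; rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (needs root for /etc/hosts; 10.10.10.5 is a constructed address):
#   set_htb_host book 10.10.10.5
```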