This repository provides clear walk-throughs for Hack The Box machines and challenges. You can browse over 500 machines and 400 challenges. Our collection helps you prepare for certifications like the OSCP, CPTS, and CRTO.
Technical learning requires practice. This project offers structured paths for your security journey. We organize complex topics into simple diagrams and lists. You gain access to attack paths, skill trees, and knowledge graphs. These tools show how components connect. You can view these resources online at momenbasel.github.io/htb-writeups.
Your computer needs these specifications to run the software tools mentioned in the writeups:
- Windows 10 or Windows 11
- 4 GB of RAM
- 500 MB of disk space
- A modern web browser
- Basic PDF viewer software
Follow these steps to set up the tools on your Windows machine:
- Visit the releases page.
- Look for the latest version at the top of the list.
- Click the file link ending in ".exe" to start the download.
- Open your "Downloads" folder.
- Double-click the downloaded file to run the installer.
- Follow the prompts on the screen to finish the setup.
- Locate the application icon on your desktop.
- Double-click the icon to launch the writeup collection.
The collection organizes content by difficulty and category. Choose a topic like "Active Directory" or "Privilege Escalation" to begin your research. Each section includes:
- Step-by-step instructions for specific machines.
- Diagrams that visualize the attack flow.
- Lists of tools required for each task.
- Links to external references for deeper study.
Use the search bar at the top of the interface to find specific machine names. The interface tracks your progress as you work through the modules.
The collection covers core areas of information security:
- Active Directory: Learn how to manage users and permissions.
- Privilege Escalation: Understand methods to gain administrative access.
- Web Security: Study common flaws in web applications.
- Red Team Operations: Practice simulated attacks in a controlled sandbox.
- Ethical Hacking: Review legal ways to test system defenses.
Each topic includes a cheat sheet. Keep these sheets open for quick reference during your lab sessions.
The knowledge graph helps you see relationships between concepts. Nodes represent machines or techniques. Lines connect them based on shared themes or prerequisites. Click a node to view the associated writeup. This map prevents you from getting lost in the volume of information. It creates a path from beginner concepts to advanced exploits.
This resource assists those studying for industry certifications. We highlight specific labs relevant to:
- OSCP: Focus on intense machine enumeration and exploitation.
- CPTS: Covers wide-reaching penetration testing methodology.
- CRTO: Explores team-based tactics and post-exploitation.
Work through the "Skill Trees" tab to track your readiness. Each node in the tree marks a proficiency level. Once you master the tasks in a level, you move to the next.
Do I need a paid Hack The Box account? While many walk-throughs cover public machines, some premium Labs require an active subscription.
Can I run this on macOS or Linux? The current desktop installer targets Windows. You can use any browser to visit the web version on any operating system.
How often do you add new machines? The team updates the database every month to include new releases from the platform.
Does this software store my progress? The application saves your progress locally on your hard drive. It does not send your data to external servers.
What if an exploit does not work? Security updates change how systems behave. Check the "Notes" section of the writeup for known workarounds or updated command syntax.
Is this for illegal activities? No. This content is for educational purposes only. Only test systems you own or have explicit permission to audit.
Check the repository intermittently for new releases. If you see a newer version number on the release page, download and run the installer again. The update process detects your existing files and refreshes the database without deleting your saved progress. Keeping the software current ensures you have access to the latest machine writeups and feature improvements.