Have you heard about Hack the Box? I hope so, it’s literally so damn good words can’t express how thankful I am to the creators. If you have not, it’s an online platform to test and advance your skills in penetration testing and cyber security. Awsome.Hack The Box :: Penetration Testing Labs
An online platform to test and advance your skills in penetration testing and cyber security. Join today and start…www.hackthebox.eu
If you can afford it or work will pay, get the VIP subscription because then you don’t have to deal with nearly half as many pesky resets mid-priv. esc. etc, in fact, mostly none at all as they fill labs nicely and not over pack.
I am about to spend the evening on hackthebox.eu, it’s been a while, but before I do let me share how I usually set up my environment. I grab a list of the IPs and add it to hosts.txt with boxname.htb, this helps for some hidden content that can only be found when requesting with the host, all boxes should follow this format but might not use it in any way. Below is a list of the current ones to get you started.
Current List of Targets for /etc/hosts
Then to keep all my content and testing organized I run this command. Save the list above as targets.txt in a directory like HackTheBox.
for dir in $(cat targets.txt | cut -d" " -f2); do mkdir $dir; done
You should be left with this…
Now you can spend the evening hacking away with a nicely organized set-up with all the hosts ready to use, like so…
nmap -sV -sC fortune.htb -oN initial-scan.nmap
If you are lazy like me …
for dir in $(cat targets.txt | cut -d" " -f2); do cd ~/HackTheBox/$dir && nmap -sV -sC $dir -oN initial-scan.nmap; done
for dir in $(cat targets.txt | cut -d" " -f2); do cd ~/HackTheBox/$dir && nmap --script vuln $dir -oN vuln-scan.nmap; done