HTB Practice Method
- Date: 2026-05-17
2x Modules
- Choose them according to two different difficulties: technical and offensive.
- Blueprint for tackling each module:
| Step | Task |
|---|---|
| 1 | Read the module |
| 2 | Practice the exercises |
| 3 | Complete the module |
| 4 | Start the module exercises from scratch |
| 5 | While solving the exercises again, take notes |
| 6 | Create client-ready minor technical documentation based on the notes |
| 7 | Create client-ready minor non-technical documentation based on the notes |
3x Retired Machines:
- 2x Easy Machines
- 1x Medium Machine
- Blueprint for tackling each machine:
| Step | Task |
|---|---|
| 1 | Get the user flag on your own |
| 2 | Get the root flag on your own |
| 3 | Write your technical documentation |
| 4 | Write your non-technical documentation |
| 5 | Compare your notes with community write-ups |
| 6 | Create a list of information you missed |
| 7 | Watch IppSec's walk-through and compare it with your notes |
| 8 | Replicate IppSec's walk-through |
| 9 | Expand your notes and documentation by adding the missed parts |
| 10 | Write a blog on the box and publish it |
- And finally, re-create the technical and non-technical documentation for all 3 machines.
5x Active Machines:
- 2x Easy Machines
- 2x Medium Machines
- 1x Hard Machine
- Blueprint for tackling each machine:
| Step | Task |
|---|---|
| 1 | Get the user and root flag |
| 2 | Write your technical documentation |
| 3 | Write your non-technical documentation |
| 4 | Have it proofread by technical and non-technical persons |
1x Pro Lab / Endgame
There are many retired boxes on the Hack The Box platform that are great for practicing Metasploit. Some of these include, but are not limited to:
- Granny/Grandpa
- Jerry
- Blue
- Lame
- Optimum
- Legacy
- Devel
HTB Academy follows a guided learning approach whereby students work through a module on a given subject, read the material and reproduce the examples to reinforce the topics presented.
The main HTB Platform follows an exploratory learning approach that puts users in a wide variety of real-world scenarios in which they have to use their technical skills and processes such as enumeration to achieve an often unknown goal.
It is always good to mix the two learning styles.
Resources
Vulnerable Machines and Applications
| Name | Description |
|---|---|
| OWASP Juice Shop | Is a modern vulnerable web application written in Node.js, Express, and Angular which showcases the entire OWASP Top Ten along with many other real-world application security flaws. |
| Metasploitable 2 | Is a purposefully vulnerable Ubuntu Linux VM that can be used to practice enumeration, automated, and manual exploitation. |
| Metasploitable 3 | Is a template for building a vulnerable Windows VM configured with a wide range of vulnerabilities. |
| DVWA | This is a vulnerable PHP/MySQL web application showcasing many common web application vulnerabilities with varying degrees of difficulty. |
Note: It is worth learning how to set these up in our own lab environment to gain extra practice setting up VMs and working with common configurations like setting up a web server.
YouTube Channels
| Channel | What they cover |
|---|---|
| IppSec | Extremely in-depth walkthrough of every retired HTB box, packed full of insight from his own experience, plus videos on various techniques. |
| VbScrub | HTB videos plus technique deep-dives, primarily focused on Active Directory exploitation. |
| STÖK | Wide-ranging infosec videos, mainly bug bounties and web application penetration testing. |
| LiveOverflow | Wide variety of technical infosec topics. |
Blogs
Tutorial Websites
Under The Wire (Windows PowerShell)
Over The Wire (Linux Command Line)
HTB Starting Point
HTB Tracks
Tracks cover a variety of topics and are continually being added to the platform, helping students stay focused on a specific goal while following an exploratory learning approach.
Beginner-Friendly HTB Machines
IppSec Easy Machine Video Walkthroughs
Windows: https://youtu.be/iIveZ-raTTQ?si=f878M6e8j1IjcOxQ
Linux: https://youtu.be/V_CkT7xyiCc?si=yrt6jQ8-B5i--_dW
Beginner-Friendly HTB Challenges
Prolabs
| Lab | Scenario |
|---|---|
| Dante | Beginner-friendly to learn common pentesting techniques and methodologies, common pentesting tools, and common vulnerabilities. |
| Offshore | Active Directory lab that simulates a real-world corporate network. |
| Cybernetics | Simulates a fully-upgraded and up-to-date Active Directory network environment, which is hardened against attacks. It is aimed at experienced penetration testers and Red Teamers. |
| RastaLabs | Red Team simulation environment, featuring a combination of attacking misconfigurations and simulated users. |
| APTLabs | This lab simulates a targeted attack by an external threat agent against an MSP (Managed Service Provider) and is the most advanced Pro Lab offered at this time. |
Fortresses
Each lab has several flags that can be found and submitted to the Fortress page. Once you have completed the lab by finding all flags, you are awarded a badge from the company that created the fortress. Some companies also provide job offers that are linked to completing the labs to qualify. You need to hold HTB rank Hacker and above to play fortresses. Try to up your ranking by playing active machines and challenges to qualify.
Endgame
Endgames are virtual labs that contain several machines connected to a single network. The scenarios strive to reflect a real-world situation you may encounter when performing a pentest for an actual company. Just like machines, each Endgame lab has a specific attack path that you need to exploit. However, as Endgames have multiple machines, we can learn specific attack paths that we cannot otherwise learn using a single machine only. You need to be of HTB rank Guru and above to play Active Endgames. Retired Endgames are only available to users with a VIP subscription, and they can be played at any rank.
- Root a Retired Easy Box
- Root a Retired Medium Box
- Root an Active Box
- Complete an Easy Challenge
- Share a Walkthrough of a Retired Box
- Complete Offensive Academy Modules
- Root Live Medium/Hard Boxes
- Complete A Track
- Win a Hack The Box Battlegrounds Battle
- Complete A Pro Lab