Tips β
Welcome to the Hack The Box Tips section! Here you'll find useful tips for solving CTF challenges on HTB, especially if you're new to hacking or unsure how to get started. My goal is to help you build your skills and confidence through hands-on CTF experience.
π Common Wordlist Paths on HTB Machines β
When searching for wordlists on Hack The Box machines, check these common locations:
π§ Linux Wordlist Paths β
| Path | Description/Notes |
|---|---|
/usr/share/wordlists/ | Default Kali/Parrot location |
/usr/share/seclists/ | If SecLists is installed |
/opt/useful/wordlists/ | Custom/extra wordlists |
/opt/wordlists/ | Custom/extra wordlists |
/home/<user>/wordlists/ | User-specific wordlists |
/var/www/wordlists/ | Web server wordlists |
/tmp/wordlists/ | Temporary wordlists |
/root/wordlists/ | Root user wordlists |
/usr/local/share/wordlists/ | Local share |
/usr/share/dirb/wordlists/ | Dirb tool wordlists |
/usr/share/dirbuster/wordlists/ | DirBuster tool wordlists |
/usr/share/fern-wifi-cracker/wordlists/ | Fern Wifi Cracker tool |
/usr/share/fuzzdb/wordlists/ | FuzzDB wordlists |
π Pro Tip:
Search for wordlists on Linux
Use the following command to find all files with 'wordlist' in their name:
find / -type f -iname "*wordlist*" 2>/dev/nullWindows Wordlist Paths
C:\wordlists\C:\Users\Public\wordlists\C:\Tools\wordlists\C:\Users\<user>\Documents\wordlists\C:\Program Files\wordlists\C:\Temp\wordlists\
TIP
Use find / -type f -iname "*wordlist*" 2>/dev/null (Linux) or dir /s /b *wordlist* (Windows) to search for wordlists.
π οΈ General HTB Tips β
Enumeration is Key
Always enumerate thoroughly. Use tools like nmap, enum4linux, smbclient, ldapsearch, and web fuzzers.
Hidden Files & Directories
Check for hidden files and directories using gobuster, ffuf, or dirsearch with various wordlists.
INFO
Read all banners and error messages: They often contain valuable hints.
Where to Look for Credentials
- Config files
- Backup files
- Scripts
- Comments in web pages
Privilege Escalation
- On Linux, check
sudo -l, SUID binaries, cron jobs, and writable files. - On Windows, check for AlwaysInstallElevated, weak service permissions, and unquoted service paths.
Use LinPEAS/WinPEAS
These scripts automate privilege escalation checks.
INFO
Check running processes and open ports: Sometimes services are only accessible locally.
Kernel Exploits
Don't forget about kernel exploits, especially on older machines.
Good Habits
- Take notes: Document every step, command, and finding. It helps with reporting and learning.
- Google error messages and version numbers: Someone else may have solved a similar problem.
- If stuck, reset the machine: Sometimes boxes get broken by other users.
TIP
Persistence and methodical enumeration are your best friends on HTB!