> For the complete documentation index, see [llms.txt](https://htb.linuxsec.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://htb.linuxsec.org/quickstart/prerequisite.md). # Prerequisite Before starting the work on HTB machines, always add the IP address to /etc/hosts on our machine. Example: ``` nino@nakano:~$ cat /etc/hosts 127.0.0.1 localhost 127.0.1.1 nakano # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters #HackTheBox 10.10.11.105 horizontall.htb api-prod.horizontall.htb ..... ``` ### Common tools Here are some commonly used tools for working on HackTheBox machines. * [**nmap**](https://github.com/nmap/nmap) - for port scanning * [**ffuf**](https://github.com/ffuf/ffuf) - directory scanning & vhost discovery [Ffuf](https://www.linuxsec.org/2020/08/web-fuzzing-menggunakan-ffuf.html) can be used for performing directory scanning as well as vhost bruteforce (subdomain enumeration). That's why I prefer using Ffuf over other tools because this single tool can be used for multiple purposes. * [**SecLists**](https://github.com/danielmiessler/SecLists) - Wordlist Seclists is a collection of wordlists that will be very useful when performing fuzzing. ### Reverse Shell * [https://reverse-shell.sh](https://reverse-shell.sh/) * [https://www.revshells.com](https://www.revshells.com/) ### TTY Shell "Magic trick" for achieving a stable Full TTY shell (works on bash): ``` user@remote-server:~$ python3 -c "import pty; pty.spawn('/bin/bash')" ``` Then press **CTRL+Z** to pause the shell process. Next, execute the following command to disable input buffering and echo, making the reverse shell more responsive. ```bash user@local:~$ stty raw -echo ``` After that, run the following command to bring the shell process to the foreground. ```bash user@local:~$ fg ``` Lastly, execute the following command to set the TERM environment variable to xterm, ensuring smooth operation of the interactive shell. ```bash user@remote-server:~$ export TERM=xterm ``` * [Mendapatkan Akses TTY Shell setelah Back Connect](https://www.linuxsec.org/2019/07/spawn-tty-shell.html) ## Useful Resources * [exploitdb-bin-sploits // Exploit-Database's pre-compiled binary exploits](https://gitlab.com/exploit-database/exploitdb-bin-sploits) * [Ippsec](https://ippsec.rocks/?#) * [kashz jewels](https://kashz.gitbook.io/kashz-jewels/) * [HackTricks](https://book.hacktricks.xyz/) Alright, that's it for this update. I'll provide more updates later. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://htb.linuxsec.org/quickstart/prerequisite.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.