# Hack The Box

> Starting Point → Active Machines → Academy (CPTS path)
>
> `⭐ = Recommended for beginners`
>
> [Team page](https://app.hackthebox.com/public/teams/7654)
>
> [Join via referral](https://referral.hackthebox.com/mzC9F4k)

### 📊 Progress Summary

| Tier                  | Focus                          | Items | Done |
| --------------------- | ------------------------------ | ----- | ---- |
| Starting Point Tier 0 | VPN, basic service interaction | 8     | 3    |
| Starting Point Tier 1 | Single-step exploitation       | 6     | 0    |
| Starting Point Tier 2 | Full kill chain, 2 flags       | 9     | 0    |
| Academy / CPTS Path   | Theory + guided labs           | 28    | 24   |

***

## Starting Point

> ⚠️ HTB rotates Starting Point machines periodically — verify this roster against [app.hackthebox.com/starting-point](https://app.hackthebox.com/starting-point) before treating it as canonical.
>
> 👑 - needs **VIP** subscription

### 🟢 Tier 0

> Fundamentals: connect, enumerate, interact. No real exploitation.
>
> 8 Machines - 4 Free

* [x] ⭐ [Meow](https://app.hackthebox.com/machines/Meow) (Linux) — Telnet
* [x] ⭐ [Fawn](https://app.hackthebox.com/machines/Fawn) (Linux) — FTP
* [x] ⭐ [Dancing](https://app.hackthebox.com/machines/Dancing) (Windows) — SMB
* [ ] [Redeemer](https://app.hackthebox.com/machines/Redeemer) (Linux) — Redis
* [ ] [Explosion](https://app.hackthebox.com/machines/Explosion) (Windows) 👑 — RDP
* [ ] [Preignition](https://app.hackthebox.com/machines/Preignition) (Linux) 👑 — Nginx misconfig
* [ ] [Mongod](https://app.hackthebox.com/machines/Mongod) (Linux) 👑 — MongoDB
* [ ] [Synced](https://app.hackthebox.com/machines/Synced) (Linux) 👑 — Rsync

### 🟡 Tier 1

> Single primary exploitation step, one flag.

* [ ] ⭐ [Appointment](https://app.hackthebox.com/machines/Appointment) (Linux) — SQL injection auth bypass
* [ ] ⭐ [Sequel](https://app.hackthebox.com/machines/Sequel) (Linux) — MySQL creds
* [ ] ⭐ [Crocodile](https://app.hackthebox.com/machines/Crocodile) (Linux) — FTP anon + creds reuse
* [ ] Responder (Windows)
* [ ] Three (Linux)
* [ ] Funnel (Linux)
* [ ] Bike (Linux)
* [ ] [Ignition](https://app.hackthebox.com/machines/Ignition) (Linux) — Magento default creds
* [ ] [Pennyworth](https://app.hackthebox.com/machines/Pennyworth) (Linux) — Jenkins RCE
* [ ] [Tactics](https://app.hackthebox.com/machines/Tactics) (Windows) — SMB null session, PSExec

### 🔴 Tier 2

> Full chain: enum → foothold → privesc. Two flags (user + root).

* [ ] ⭐ [Vaccine](https://app.hackthebox.com/machines/Vaccine) (Linux) — FTP, SQLi, GTFOBin
* [ ] ⭐ [Oopsie](https://app.hackthebox.com/machines/Oopsie) (Linux) — IDOR, file upload, SUID
* [ ] ⭐ [Archetype](https://app.hackthebox.com/machines/Archetype) (Windows) — MSSQL xp\_cmdshell, WinRM
* [ ] [Unified](https://app.hackthebox.com/machines/Unified) (Linux) — Log4Shell, MongoDB
* [ ] [Included](https://app.hackthebox.com/machines/Included) (Linux) 👑
* [ ] [Markup](https://app.hackthebox.com/machines/MarkUp) (Windows) 👑
* [ ] [Base](https://app.hackthebox.com/machines/Base) (Linux) 👑

***

## 🎓 Academy

> 3 Paths: [CPTS](https://academy.hackthebox.com/app/paths/16/path-progress), [CWES](https://academy.hackthebox.com/app/paths/17/path-progress), [CJCA](https://academy.hackthebox.com/app/paths/419/path-progress)
>
> 50 Unique Modules

### Penetration Tester (CPTS) Path

> 28 Modules

* [x] Penetration Testing Process
* [x] Getting Started
* [x] Network Enumeration with Nmap
* [x] Footprinting
* [x] Information Gathering - Web Edition
* [x] Vulnerability Assessment
* [x] File Transfers
* [x] Shells & Payloads
* [x] Using the Metasploit Framework
* [x] Password Attacks
* [x] Attacking Common Services
* [ ] Pivoting, Tunneling, and Port Forwarding
* [x] Active Directory Enumeration & Attacks
* [x] Using Web Proxies
* [x] Attacking Web Applications with Ffuf
* [x] Login Brute Forcing
* [x] SQL Injection Fundamentals
* [x] SQLMap Essentials
* [x] Cross-Site Scripting (XSS)
* [x] File Inclusion
* [ ] File Upload Attacks
* [x] Command Injections
* [x] Web Attacks
* [x] Attacking Common Applications
* [x] Linux Privilege Escalation
* [ ] Windows Privilege Escalation
* [x] Documentation & Reporting
* [ ] Attacking Enterprise Networks

### Web Penetration Tester

> 20 Modules
>
> 7 Unique
>
> 13 Modules From CPTS

* [x] Web Fuzzing
* [x] JavaScript Deobfuscation
* [ ] Server-side Attacks
* [ ] Broken Authentication
* [ ] Attacking GraphQL
* [ ] API Attacks
* [x] Bug Bounty Hunting Process

### Junior Cybersecurity Analyst

> 20 Modules
>
> 15 Unique
>
> 3 Modules From CPTS
>
> 2 Modules From CWES

* [x] Introduction to Information Security
* [x] Network Foundations
* [x] Introduction to Networking
* [x] Linux Fundamentals
* [x] Introduction to Bash Scripting
* [x] Windows Fundamentals
* [x] Introduction to Windows Command Line
* [x] Introduction to Penetration Testing
* [x] Pentest in a Nutshell
* [x] Hacking WordPress
* [x] Intro to Network Traffic Analysis
* [x] Incident Handling Process
* [x] Windows Event Logs & Finding Evil
* [x] Security Monitoring & SIEM Fundamentals
* [x] Introduction to Threat Hunting & Hunting With Elastic
