As is common in real life Windows pentests, you will start the TombWatcher box with credentials for the following account: henry / H3nry_987TGV! ┌──(r

┌──(root㉿7)-[~/htb/Machines/Certificate] └─# nmap -A 10.10.11.71 Starting Nmap 7.95 ( https://nmap.org ) at 2025-06-02 18:20 CST Nmap scan report for

Fluffy As is common in real life Windows pentests, you will start the Fluffy box with credentials for the following account: j.fleischman / J0elTHEM4n

Puppy As is common in real life pentests, you will start the Puppy box with credentials for the following account: levi.james / KingofAkron2025! 扫端口 ┌

扫描端口 ┌──(root㉿7)-[~/htb/Machines/Hospital] └─# nmap 10.10.11.241 Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-22 21:29 CST Nmap scan report for

CrownJewel-2 Forela 的 Domain 环境是纯粹的混乱。刚刚从域控制器收到另一个警报，指出 NTDS.dit 数据库正在泄露。就在一天前，您响应了同一域控制器上的#

Unrested Machine Information As is common in real life pentests, you will start the Unrested box with credentials for the following account on Zabbix:

Strutted Linux · Medium Target IP Address: 10.10.11.59 Task 1 How many open TCP ports are listening on Strutted? Strutted 上有多少个开放的 TCP 端口正在侦听？ nmap扫描

Cat 端口扫描 目录扫描 添加 ip-域名 映射 echo "10.10.11.53 cat.htb" >> /etc/hosts

Alert Linux · Easy 10.10.11.44 nmap -sV -sC 10.10.11.44 添加hosts规则 10.10.11.44 alert.htb 在Contact Us页