Hack the Box CLI
Project description
Just a small tool I threw together one day to make it easy to work with HTB from the command line. It uses the API wrapper from @kulinacs with a few modifications.
Usage
Install
pip install htbcli
Config
after installing the module. configure it with
# For free users use this command.
# Replace [your_key] with your actual api key from the settings page on HTB.
htb config --lab=free --apiKey=[your_key]
# For VIP Users its the same just pass vip instead of free to the --lab argument.
htb config --lab=vip --apiKey=[your_key]
List
You can list all the boxes on HTB. Just use the list command.
$ htb list -h
# usage: htb list [-h] [--retired] [--assigned] [--incomplete] [--sort-by field]
# [--reverse] [-s SEPARATOR] [-rs ROW_SEPARATOR] [-q]
# [-f field [field ...]] [-a]
# optional arguments:
# -h, --help show this help message and exit
# --retired Include retired boxes in the output. [NOTE: Retired
# boxes are only available to VIP users and cannot be
# accessed by a free user.]
# --assigned Show what machines are assigned to you. [VIP Only]
# --incomplete Only show incomplete boxes in the output. An
# incomplete box is one where you haven't owned both
# user and root.
# --sort-by field Field to sort by. This will sort the boxes by the
# passed field. You can reverse the order by passing
# --reverse. Certain fields like difficulty will be the
# average value. To sort by the official HTB rank (ie
# easy/medium/hard) sort by the amount of points the box
# is/was assigned.
# --reverse Reverse the order of boxes. This will return the list
# sorted by the sort field in reverse.
# -s SEPARATOR, --separator SEPARATOR
# The separator to use when outputting the fields when
# -q is set
# -rs ROW_SEPARATOR, --row-separator ROW_SEPARATOR
# The separator to use between rows when outputting the
# fields when -q is set
# -q, --quiet Output only the field values without any formatting.
# Useful when parsing the output.
# -f field [field ...], --fields field [field ...]
# Limit the output to only these fields. All fields
# shown when this is omitted.
# -a, --all-fields Output every field on the machines.
$ htb list
# ╒══════╤════════════╤═════════╤══════════╤══════════════╤══════════════╤══════════╕
# │ id │ name │ os │ rating │ owned_user │ owned_root │ active │
# ╞══════╪════════════╪═════════╪══════════╪══════════════╪══════════════╪══════════╡
# │ 191 │ Smasher2 │ Linux │ 4.4 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 193 │ Chainsaw │ Linux │ 4.2 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 196 │ Player │ Linux │ 4.8 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 197 │ Craft │ Linux │ 4.9 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 198 │ RE │ Windows │ 4.4 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 200 │ Rope │ Linux │ 4.7 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 201 │ Heist │ Windows │ 4.4 │ True │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 202 │ Scavenger │ Linux │ 3.3 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 203 │ Networked │ Linux │ 3.7 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 204 │ Zetta │ Linux │ 4.5 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 207 │ Bitlab │ Linux │ 3.7 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 208 │ Wall │ Linux │ 2.3 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 209 │ Bankrobber │ Windows │ 2.7 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 210 │ Json │ Windows │ 4.1 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 211 │ Sniper │ Windows │ 4.5 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 212 │ Forest │ Windows │ 4.6 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 213 │ Registry │ Linux │ 4.4 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 214 │ Mango │ Linux │ 3.8 │ True │ True │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 215 │ Postman │ Linux │ 3.9 │ False │ False │ True │
# ├──────┼────────────┼─────────┼──────────┼──────────────┼──────────────┼──────────┤
# │ 216 │ AI │ Linux │ 2.7 │ False │ False │ True │
# ╘══════╧════════════╧═════════╧══════════╧══════════════╧══════════════╧══════════╛
Info
You can see data on a single machine with the info command.
$ htb info -h
# usage: htb info [-h] [-s SEPARATOR] [-q] [-f field [field ...]] [-a] BOX
# positional arguments:
# BOX The name of the box you want info for.
# optional arguments:
# -h, --help show this help message and exit
# -s SEPARATOR, --separator SEPARATOR
# The separator to use when outputting the fields when
# -q is set
# -q, --quiet Output only the field values without any formatting.
# Useful when parsing the output.
# -f field [field ...], --fields field [field ...]
# Limit the output to only these fields. All fields
# shown when this is omitted.
# -a, --all-fields Output every field on the machine.
$ htb info lame
# ╒═══════════════╤══════════════════════════════════════════════════════════════════════════════════════╕
# │ id │ 1 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ name │ Lame │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ os │ Linux │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ ip │ 10.10.10.3 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ avatar │ https://www.hackthebox.eu/storage/avatars/fb2d9f98400e3c802a0d7145e125c4ff.png │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ avatar_thumb │ https://www.hackthebox.eu/storage/avatars/fb2d9f98400e3c802a0d7145e125c4ff_thumb.png │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ points │ 20 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ release │ 2017-03-14 21:54:51 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ retired_date │ 2017-05-26 19:00:00 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ maker │ id: 1 │
# │ │ name: ch4p │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ maker2 │ │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ ratings_pro │ 2331 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ ratings_sucks │ 220 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ user_blood │ id: 22 │
# │ │ name: 0x1Nj3cT0R │
# │ │ time: 18 days, 22 hours, 55 mins, 25 seconds │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ root_blood │ id: 22 │
# │ │ name: 0x1Nj3cT0R │
# │ │ time: 18 days, 22 hours, 54 mins, 36 seconds │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ user_owns │ 9949 │
# ├───────────────┼──────────────────────────────────────────────────────────────────────────────────────┤
# │ root_owns │ 10556 │
# ╘═══════════════╧══════════════════════════════════════════════════════════════════════════════════════╛
Reset
Of course you can also interact with the boxes. Here is how you request a reset of a box.
$ htb reset -h
# usage: htb reset [-h] BOX
# positional arguments:
# BOX The name of the box to reset. Resetting may take a few minutes
# to take effect and may be cancelled by another user.
# optional arguments:
# -h, --help show this help message and exit
$ htb reset mango
# Attempting to reset Mango. This request often takes ~30 seconds, so be patient please...
# success: 1
# output: Mango will be reset in 2 minutes.
# used: 0
# of : 2 total resets
# total: 2
Own
You can submit flags with the own command.
$ htb own -h
# usage: htb own [-h] -f FLAG -d [1-10] BOX
# positional arguments:
# BOX The name of the box you want to own.
# optional arguments:
# -h, --help show this help message and exit
# -f FLAG, --flag FLAG The flag you want to submit to own the box. user/root
# is automatically determined by the server based on
# what flag you submit.
# -d [1-10], --difficulty [1-10]
# The rating of how difficult you thought it was from
# 1-10.
$ htb own --flag=abcdefghijklmnopqrstuvwxyz123456 --difficulty=5 heist
# Attempting to own Heist with flag: abcdefghijklmnopqrstuvwxyz123456 and rating: 5/9...
# Heist user is now owned.
# 1
VIP Only
Spawn
You can interact with the new VIP interface’s on demand launch capability with the spawn command.
$ htb spawn -h
# usage: htb spawn [-h] BOX
# positional arguments:
# BOX The name of the box to spawn. This will fail if you have another
# box currently spawned. Terminate any spawned boxes and wait
# until it actually shuts down before running this.
# optional arguments:
# -h, --help show this help message and exit
$ htb spawn chainsaw
# Attempting to spawn Chainsaw. This request often takes ~30 seconds, so be patient please...
# success: 1
# status: You have been assigned as an owner of this machine.
Terminate
And once youre done owning a box. Just terminate it and move on.
$ htb terminate -h
# usage: htb terminate [-h] BOX
# positional arguments:
# BOX The name of the box to terminate. Termination may take up to a
# few minutes to take effect. Until then you will not be able to
# spawn any new boxes.
# optional arguments:
# -h, --help show this help message and exit
$ htb terminate chainsaw
# Attempting to terminate Chainsaw. This request often takes ~30 seconds, so be patient please...
# success: 1
# status: Machine scheduled for termination.
Suggestions
If anyone has any feature requests, I will gladly hear them out but can’t guarantee I will have time to implement them.
I’m @devx00 on HTB. And I am an admin of a Discord server dedicated to helping people get into InfoSec and (ethical) hacking in general. Feel free to message me at either, or on github.
Heres a link to the Discord server for anyone interested. NullzSec Discord
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file htbcli-1.1.7.tar.gz
.
File metadata
- Download URL: htbcli-1.1.7.tar.gz
- Upload date:
- Size: 16.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/50.3.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.7.8
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 |
0fa743fe25fe5480d9d8bd8fe0f9b1dc40874416d9fce80fb3c55fc45f9cf95d
|
|
MD5 |
37981710343a63104c3c2cb11a393a20
|
|
BLAKE2b-256 |
d15f09e900013002736e85d0163e4eb4f9026c1b712e60a317dbedfeb3aec8b7
|
File details
Details for the file htbcli-1.1.7-py3-none-any.whl
.
File metadata
- Download URL: htbcli-1.1.7-py3-none-any.whl
- Upload date:
- Size: 12.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/50.3.0 requests-toolbelt/0.9.1 tqdm/4.56.0 CPython/3.7.8
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 |
23d2794d726479f157e0f48e4bc1005fdc3ae54f83d9fade1cea407fe2164c35
|
|
MD5 |
f12d6dd307f31eae2b472dce0eec0158
|
|
BLAKE2b-256 |
b387efe34433cd8891a46acae5cd4a2863b23e5b46c6ce2137abe1c68613fde2
|