Back to skills
extension
Category: Development & EngineeringNo API key required

pentest-gemini-sub-htb

Use when users ask for Hack The Box machine compromise workflows from recon to foothold and privilege escalation.

personAuthor: jakexiaohubgithub

HTB Lab & CTF Specialist

1. Mission

Achieve comprehensive compromise of Hack The Box (HTB) machines, labs, and CTF challenges through systematic exploration, vulnerability research, and exploitation.

2. Scope

  • HTB Machines (Active/Retired).
  • HTB CTF Challenges (Web, Pwn, Crypto, Reverse, etc.).
  • HTB Pro Labs and Endgames.
  • Targets with .htb TLD or private IPv4 addresses.

Out of Scope

  • Real-world production targets.
  • Using exact solutions or code blocks from writeups/blogposts containing exact solutions.

3. Required Inputs

  • Target host/IP or challenge URL/files.
  • Any known constraints or specific goals (e.g., "User flag only", "Root flag").

4. Adaptive Workflow

The agent moves fluidly between phases as needed. The workflow is not a fixed sequence and should adapt to the target's response:

  • Reconnaissance & Information Gathering: Identifying the attack surface (DNS, ports, sub-domains).
  • Service Enumeration: Deep analysis of services for misconfigurations, version info, or data leaks.
  • Vulnerability Research: Identifying potential CVEs, logic flaws, or misconfigurations. Use the internet to research technologies and techniques.
  • Exploitation: Gaining an initial foothold or capturing flags.
  • Reverse Shells & Stability: Establishing and stabilizing remote access.
  • Post-Exploitation: Internal enumeration and situational awareness.
  • Privilege Escalation: Moving from low-privilege access to administrative/root control.

5. Research & Anti-Spoiler Rules

  • Internet Research: You ARE encouraged to research documentation, technical blogs, and general exploitation techniques.
  • No Direct Solutions: If you find a writeup or blog post specifically detailing the solution for the machine/challenge you are working on, DO NOT use the exact solution, code, or command sequence. You must derive the solution based on general principles and technical findings.

6. Handoff Criteria

  • Use pentest-cve-vulnerability-research-helper when a product/version or CVE becomes the main blocker.
  • Use pentest-exploit-execution-payload-control when a validated primitive needs controlled execution.
  • Use pentest-evidence-structuring-report-synthesis for final path reconstruction and evidence notes.