HackTheBox - Competing with Cheaters

Introduction:

Hack The Box is a platform where people learn hacking and sharpen their offensive security skills. It’s well-regarded—not just by the community, but even listed on Microsoft’s MSRC List.

Despite being a great learning space, HTB suffers from a major issue. You might assume it’s about shady content or poor management. But that’s not the case. HTB is a community-driven and gamified platform that even runs an enterprise branch. Box creators get paid, and the community thrives through competitive seasons.

Addressing the Issue

The issue? Integrity of the content (cheating) during seasonal competitions.

Why does it matter, you might ask? Because HTB is a gamified platform, and to keep it competitive, the integrity of the content must be maintained.

HTB releases boxes as part of seasonal events. Active users compete to root them (gain “bloods”) and climb the leaderboard. These rewards include profile ranking, HTB cubes for Academy content, and recognition for real skill.

Pentest Skills or Pretend Skills?

However, some users leak solutions—breaking the rules to boost their teams or gain fake prestige. Flags and walkthroughs are shared privately or on forums like BreachForums, helping public teams reach the top 100 without solving anything themselves.

These actions directly violate Hack The Box’s Terms of Service and community guidelines.

You might wonder: what does “public teams” mean? On Hack The Box, teams are meant to be private—used to collaborate with trusted members only.

As stated in the community guidelines:

An Example:

Sharing solutions to active content violates HTB’s TOS.

The Cons

Everything has its pros and cons, but the only thing with real cons here is cheating. For others—those who genuinely want to learn, grow, or even escape reality—it ruins the fun.

Some of these individuals:

  • Spam leaked flags from forums
  • Hold certifications like CRTO, OSCP, CPTS, and others
  • Can’t type basic commands (like smbclient, flush dns, or any commands from the impacket-suite)
  • Pretend to be skilled, yet fail at real-world challenges

Searching “flash dns command in kali linux” while claiming to be CRTO certified is embarrassing.

Yes, intentionally typed flash dns.

Even funnier (and worse), one claimed to have bypasses on the most-used CDN and found XSS on a major LLM — yet couldn’t solve a basic machine on HTB.

How does this affect the real world?

It harms those who genuinely work hard and have real skills. While they struggle to get noticed, others with fake fame and connections easily land jobs. For example, one individual got hired solely based on certifications and connections—despite lacking actual ability. The result? They failed on the job and exposed their lack of real-world skills.

HTB’s actions

This high-ranked user (Guru/Omni level) was banned—then unbanned within hours.

But why? Oh wait, he has a social media presence too? That’s the craziest part. Made some review video on HTB content… so is that why?

Lord knows best what’s in the hearts of people.

The person who called them out? Permanently banned by HTB. Wow. This fake “hacker” was later exposed for faking certifications and was fired from a senior job position. Yes, you read that right.

“SENIOR JOB POSITION”

Why? He couldn’t deliver a basic Active Directory presentation and struggled for 20 minutes with smbclient. Meanwhile, a teenager building BloodHound alternatives gets offered a low-paid internship. The system is broken.

This isn’t solely HTB’s fault—but it contributes. It’s the broader impact of cheating, fake careers, and unchecked fraud. HTB bans cheaters—but temporarily. Cheaters get second chances. Legit users get banned for speaking out.

That’s not fair?!

Proof? Yes

Go ask any legit top HTB player. They’ll tell you exactly who the cheaters are.

Take one example: a user DMs good players begging for hints, somehow solves a challenge, and then passes the flags/writeups around.

Begging for Solutions

[Screenshot: Proof 1]
Begging for solutions on Discord, forums—anywhere possible.

[Screenshots: Proof 2, Proof 3]
Can you believe this? Cheating and not being banned.

Ranked in the Top 3 while still asking for flags. Same user. Still not banned.

The Activity tab is like a log of recent solves. As you can see, it's one after another.

Activity Evidence

[Screenshots: Activity 1, Activity 2]

Summary and Final Thoughts

This isn’t just a cheating issue—it’s an integrity issue.

HTB keeps content active for about 6 months before retiring it. But where’s the integrity if that content is already leaked across the web?

The game becomes unfair. Cheaters boast after submitting leaked flags. It ruins the experience for those genuinely trying to learn.

Content quality is dropping too— but that’s a topic for another blog.

Temporary bans, weak enforcement, and unchecked reward systems fuel the problem. Real players get demotivated. Cheaters get rewarded.

Even worse: Cheating extends to HTB exams. While CPTS was updated to reduce abuse, paid modules and exam reports still get scraped and leaked.

Final Note

HTB does a lot of good—but they need to improve ban policies and protect the community better. For example: ban cheaters longer, not just for a few days.

Let real learners compete fairly. Let HTB be a platform for genuine growth—not shortcut glory.

These skids don’t just ruin games—they ruin careers, communities, and trust.

Funny thing? NLTE’s solves raise suspicion or Mr Byte’s Z3ro gets DMs from staff asking how he got the blood and what methods were used— yet known cheaters walk free, claiming to be the Al-Khwarizmi of hacking… while struggling to spell smbclient, despite being a YouTuber reviewing “advanced” post-exploitation tools.

One even tried to run sudo please google flash-dns -- kali-linux— because hey, root solves everything, right?

This post is licensed under CC BY 4.0 by the author.