# CBBH

![](/files/qUXYU9iNViqCcCIhMFuG)

![](/files/GyXcbGqPwYIziRbYSEIP)

Cost = 1410 cubes

**Exam:**

attack multiple websites \
write report + submit\
10 flags = 100 points\
85/100 to pass (so +- 8 or 9 flags)\
admin access or RCE

1. There are multiple ways to get in, so don't stay stuck for too long
2. Use HTB Academy's search feature
3. Schedule a start time which gives you plenty of uninterrupted time
4. Take screenshots and write things down as you go to save time on report writing


## Preparing for the CBBH exam <a href="#a161" id="a161"></a>

After completing the training path, it's essential to practice and apply one's knowledge to real-world scenarios. One of the best ways to do this is by utilizing HTB's Academy X HTB labs feature, which offers a wide range of labs to test your skills. One can also take on web security challenges from PortSwigger's Web Academy to further hone your skills and solidify your understanding of web security concepts.

Challenges which might be super helpful:

1. OWASP Top 10 track on Hack The Box <https://app.hackthebox.com/tracks/OWASP-Top-10>
2. Akerva fortress from Hack The Box <https://app.hackthebox.com/fortresses/2>
3. Look also at boxes like

[BountyHunter](https://app.hackthebox.com/machines/BountyHunter) - **done**

[Horizontall](https://app.hackthebox.com/machines/Horizontall) - **done** to user

![](/files/wUr7innDGPsgKGE0UQ56)

[Academy](https://app.hackthebox.com/machines/Academy) - **done**

[Meta](https://app.hackthebox.com/machines/Meta)

[Forge](https://app.hackthebox.com/machines/Forge) - **done user flag**

[Nineveh](https://app.hackthebox.com/machines/54) - **done**

More machines mentioned:\
backdoor - WP\
apocalyst - WP\
tenet - WP\
~~Steamcloud~~\
~~Ransom~~

4. Have a look at the labs on [PortSwigger](https://portswigger.net/web-security/all-labs) web academy.

HTML Character encoding\
<https://www.w3schools.com/tags/ref_urlencode.ASP>

![](/files/EtHlIV6oGDDWxKzwIaI0)

![](/files/pBb4VV9jPLyP3GQYLC9h)

![](/files/2QGL0Z3605gQVPKQ2YrP)

![](/files/k6zpt48WOGGAcyqcT021)

