While watching some retired HTB boxes walk through I can’t help but notice the Creator of the walk through editing the Linux /etc/hosts file, my question is, why do they edit the file and what’s the application in the wild say when one is performing a penetration testing for a firm or is it just a CTF thing?
Besides just habit and ease of use (remembering the box name versus remembing the IP address), one of the primary reasons is to deal with webserver virtual hosts (and sometimes subdomains).
If you browse to a box using an appropriate domain name – which sometimes isn’t just boxname.htb – the webserver will direct you to the content based on the host header that your browser supplies. If you don’t do this and instead browse to the raw IP address, that header won’t be set properly and you’ll (sometimes) instead wind up on a default landing or error page.
You can see this in action right here on the forums. You just browsed to forums.hackthebox.eu and got the page you expected, right? Well now try browsing directly to 220.127.116.11 instead.
You've requested an IP address that is part of the Cloudflare network. A valid Host header must be supplied to reach the desired website.
See? It’s the same server, but the difference is in the host header, as a result of using an appropriate domain name.
So yes, it has real world implications.