Advice: OSCP

What’s the average time one should spend on an HTB box while learning?

I know that is a vague question and I would like to pwn it without looking at the hints. Sometimes I feel like I’m spending way too much time and I’m not making any progress.

Giving me approximate times for easy/moderate/hard boxes would help me make some kind of progress instead of making zero progress. Thanks!

It depends on your experience with the boxes or pen testing. If you are a daytime pen tester, you can pwn easy boxes in an hour or two.
But if you are new to pen testing, it may take days to pwn easy machines.

@masuse said:
Hi guys - anyone want to team up for OSCP? Mine is next month, I am a bit halfway and feel like I’m not ready :slight_smile:

That’s a pretty cool idea! Mine will be in Dec, but I’m already preparing for it!

@masuse said:
Hi guys - anyone want to team up for OSCP? Mine is next month, I am a bit halfway and feel like I’m not ready :slight_smile:

I will have mine in early Nov.

Hi, I would like to pick up this topic to talk about OSCP!

I made a decision: December and January are OSCP time! :slight_smile: I’ve been an IT engineer for 12 years, especially on the Windows platform: Active Directory, VMware virtualisation, Hyper-V, storage, network (CCNA).
Do you have any book advice for preparing for this certification? A book on web exploitation or anything like it would be helpful to learn from before OSCP.

Thanks!

@petitponeybzh said:
Hi, I would like to pick up this topic to talk about OSCP!

I made a decision: December and January are OSCP time! :slight_smile: I’ve been an IT engineer for 12 years, especially on the Windows platform: Active Directory, VMware virtualisation, Hyper-V, storage, network (CCNA).
Do you have any book advice for preparing for this certification? A book on web exploitation or anything like it would be helpful to learn from before OSCP.

Thanks!

The only two books you’ll need for Web Exploitation are “The Web Application Hacker’s Handbook” and “OWASP Testing Guide”. In addition to that, check “Network Security Assessment”, “The Hacker Playbook” series or “Penetration Testing” and then… practice, practice, practice with boxes here as much as you can! Oh, and then this → https://twitter.com/0xdea/status/1053568325597442048

@mrcopy thanks for your answer :slight_smile:
I’ll take it into account!

@petitponeybzh said:
Hi, I would like to pick up this topic to talk about OSCP!

I made a decision: December and January are OSCP time! :slight_smile: I’ve been an IT engineer for 12 years, especially on the Windows platform: Active Directory, VMware virtualisation, Hyper-V, storage, network (CCNA).
Do you have any book advice for preparing for this certification? A book on web exploitation or anything like it would be helpful to learn from before OSCP.

Thanks!

I’m in the same place. I decided on starting up the labs in January for the OSCP exam. I’ve been in IT for about 10 years in the same type of fields. Good Luck!

HTB boxes are intended for you to attack through an expected vector, usually because the systems are all patched.

OSCP systems are not patched to the latest version. This means that while there is probably an “intended” attack vector to privesc, you don’t even need to use it. If you’re good at exploitation you can privesc with a lot of the new proof of concepts (like ALPC). You just have to compile them. I spent an ungodly amount of time on a privesc (enumerated literally everything) when I could’ve just compiled an exploit. (I still don’t know the stupid “intended” route for that…)

Also, don’t overestimate the OSCP exam. The bar is very low. Stupid stuff is configured. Stuff that would probably never be in the real world.

The best thing you can learn from HTB is looking at how other people solved the problem. The GitHub has the solutions for every box. The password is the root hash. Look at them. You might read stuff you never even thought of.