I’ve decided to post this widely instead because maybe is good general advice and if not I am sure/hope the community will put me right. I have not modified my language to account for the fact my peculiar brand of english is not yours. Hopefully it is still intelligible. Let me know if you are not understanding me I will not take offense and try harder to keep up my end of the comms…

It has gotten so ■■■■■■ long, this so

#tldr; keep going, try harder, reach out anytime if you need help.

It does seem that the last few machines have been harder and some are not even technically harder. I’ve been getting quite salty myself about some of them but remember that actually I am probably wrongheaded, paranoid, confused and most importantly:

#making and testing these machines to a certain level is

      really rock hard

…what someone finds difficult another will just breeze through just because… and maybe on another day the same person will find it easy…

Guessing: probably this machine is difficult for you because you don’t know that much python? (You do need to fix that).

I’ve been stuck on a few recently (which I always find really depressing) but the community have got me through.

I am happy to help as I would hope the entire hackthebox community is.

If you are reaching out to someone for help and they are not doing so then they are failing hard in infosec because sharing knowledge is probably the most important thing in this business._

I would also expect them not to steal your learning experience by just spoon-feeding you spoilers from a plate, it kind of depends on whether you really have come to a point where you cannot progress/learn.

Sometimes people are stuck in their own ■■■■ or are just busy or in a completely different timezone. There have been times I’ve spent more time replying to requests for help than doing the machines. It is also my own fault for too much memage/■■■■ posting.

On this forum it is impossible to tell what level somebody is at. You can just as easily insult someone with an overly simplistic explanation of something as help them. Apologies if I have done this.

You do have a duty also however to enumerate, enumerate, enumerate as @pyzlence would say and try harder (as @everybody).

Most of these machines are based on or have relevant info from

1. infosec news item
2. ippsec videos
3. ‘guest’ machine creator’s own work
   :
   :
   n. stuff… don’t know I am new here too

The more we do the more we will see the same themes reappear again and again because:

Making these machines new and fresh is :

      really rock hard

Doing information gathering is very important - the creator’s github account for every machine, using searchsploit on and googling every service you scan. I have left bits of the solution to this machine in so many pastebins for so many people by now I am surprised you haven’t found the whole thing. (This is why I put short expiry times on them not just to annoy you )

#You will never stop learning in infosec. NEVER. EVER.

There will always be the mother of all tsunami tidal wave of stuff for you to get through. You will often have to research stuff which you do not find inherently interesting. Quite often the vulnerability will lie within some fugly, backward, unloved, technological quazi-modo of a system. Chow it down soldier.

Reach out to as many people in the community as you can. Someone else will explain something in a different way which may just click.

Before you reach out though, think have I done absolutely everything in my power here, exhausted every avenue. You’ll feel much better if you remember your checklists. Well I do. I often reach out too soon too, forget to do stuff or often forget to repeat checks. We all make mistakes, nobody knows everything (except Bruce Schneier).

If you can afford get a VIP sub even if just for a short time. Some of the machines are nigh-on impossible on free as unfortunately some people are dickheads intentionally as well as more often unintentionally. You can be doing the right thing and it doesn’t work because somebody has DoS/broken the service - changing passwords, causing too many resets. This is a killer because you can’t investigate the same dead-end over and over until it works. Treating it as COINTEL gets you only so far. For example I did Jerry in around six minutes, my long nmap hadn’t even finished yet. From what I can gather on the free servers it was pure carnage, complete gonger - much better hackers than me (not hard) taking ages, going beserk. Furthermore, if you are disillusioned, salty you are just not as effective as when you are ‘on a roll’. In my short experience so far this is a genuine hacker community, people here are mostly just excellent.

#The above advice is as good for me as it is for you. Please don’t take any of it personally.

Addendum: if you post (especially random) stuff on my wall or on the site conversations I probably won’t reply because I may not see it or I have no idea what to say…

This is an awesome post - I think I agree with everything here.

I have learned loads on HTB and it is nearly all the result of helpful people who have given nudges and encouragement as needed.

There are times I look at something and draw a blank. The discussions are full of people saying “look how simple it is” and it does become depressing but, fortunately, there are a lot of very good people out there who are willing to share & nudge.

On the flipside, there are things which I’ve thought are really easy and I’ve been happy to help people on the rare occasions I can.

@izzie said:
Addendum: if you post (especially random) stuff on my wall or on the site conversations I probably won’t reply because I may not see it or I have no idea what to say…

you always have an appropriate meme for any conversation

@TazWake said:
On the flipside, there are things which I’ve thought are really easy and I’ve been happy to help people on the rare occasions I can.

It’s all easy when you know how!

@w31rd0 said:

@izzie said:
Addendum: if you post (especially random) stuff on my wall or on the site conversations I probably won’t reply because I may not see it or I have no idea what to say…

you always have an appropriate meme for any conversation

And I am grateful to my correspondents patience in that regard.

Wonderful post to read through man, I agree completely, I also love the easy machines as well as the hard they help build confidence, I have only been here 3 days so far and spent most of my time doing the challenges as there are techniques I don’t know but each one has left me with pride and a well earned tool in the belt, I plan to get back to the machines soon too, my worst thing is impatience and more often than not I over ook the one detail I needed to get the job done, if i can add anything to what you said it would be just slow down and take your time, some people out there spent years finding that one hole to get their rootkit in and have caused havoc in the world, (p.s. blue team in a red team world yo!!) i suppose that makes me purple team haha, personally the thing I lack at most is python, I’m not too bad with bash but am learning python at present and its like a foreign language to me haha, it took me about 6 hours to find out how to program my script to clear the screen as i was always used to typing the word clear; and move on haha, but learning is key the more knowledge you have the more power you gain, I also on a last note want to share my method, after i have done a system I do it again, and again until i know i can do it without any guide or notes to help me that’s when i move one, and 9/10 when i get to a new system its a little easier than the last as I know i have mastered the last, when I do it the last time I also time myself see how quick I can get it done, what started off as hours now takes minutes, but i’m always happy when it takes me hours again as it just gives me a new clock to work with, I’ll be sure to hit you up in the future when something breaks my mind and I’ve ran out of googles haha, thanks again your post gives me strength much love Bex xxx

No worries. Stay positive. Don’t feed the trolls.
My 2019 HTB resolution: help more, ■■■■■ less.