I’ve decided to post this widely instead because maybe it is good general advice and if not I am sure/hope the community will put me right. I have not modified my language to account for the fact my peculiar brand of English is not yours. Hopefully it is still intelligible. Let me know if you are not understanding me; I will not take offense and will try harder to keep up my end of the comms…
It has gotten so bloody long, this so
# tldr; keep going, try harder, reach out anytime if you need help.
It does seem that the last few machines have been harder and some are not even technically harder. I’ve been getting quite salty myself about some of them but remember that actually I am probably wrongheaded, paranoid, confused and most importantly:
# making and testing these machines to a certain level is really rock hard
…what someone finds difficult another will just breeze through just because… and maybe on another day the same person will find it easy…
Guessing: probably this machine is difficult for you because you don’t know that much Python? (You do need to fix that).
I’ve been stuck on a few recently (which I always find really depressing) but the community have got me through.
If you are reaching out to someone for help and they are not doing so then they are failing hard in infosec because sharing knowledge is probably the most important thing in this business.
I would also expect them not to steal your learning experience by just spoon-feeding you spoilers from a plate, it kind of depends on whether you really have come to a point where you cannot progress/learn.
Sometimes people are stuck in their own hell or are just busy or in a completely different timezone. There have been times I’ve spent more time replying to requests for help than doing the machines. It is also my own fault for too much memage/shit posting.
On this forum it is impossible to tell what level somebody is at. You can just as easily insult someone with an overly simplistic explanation of something as help them. Apologies if I have done this.
You do have a duty also however to
enumerate, enumerate, enumerate as @pyzlence would say and
try harder (as @everybody).
Most of these machines are based on or have relevant info from
- infosec news item
- ippsec videos
- ‘guest’ machine creator’s own work
n. stuff… don’t know I am new here too
The more we do the more we will see the same themes reappear again and again because:
really rock hard
Doing information gathering is very important - the creator’s GitHub account for every machine, using searchsploit on and googling every service you scan. I have left bits of the solution to this machine in so many pastebins for so many people by now I am surprised you haven’t found the whole thing. (This is why I put short expiry times on them, not just to annoy you.)
# You will never stop learning in infosec. NEVER. EVER.
There will always be the mother of all tsunami tidal wave of stuff for you to get through. You will often have to research stuff which you do not find inherently interesting. Quite often the vulnerability will lie within some fugly, backward, unloved, technological quazi-modo of a system. Chow it down soldier.
Reach out to as many people in the community as you can. Someone else will explain something in a different way which may just click.
Before you reach out though, think: have I done absolutely everything in my power here, exhausted every avenue? You’ll feel much better if you remember your checklists. Well I do. I often reach out too soon too, forget to do stuff or often forget to repeat checks. We all make mistakes, nobody knows everything (except Bruce Schneier).
If you can afford it, get a VIP sub even if just for a short time. Some of the machines are nigh-on impossible on free as unfortunately some people are dickheads intentionally as well as more often unintentionally. You can be doing the right thing and it doesn’t work because somebody has DoS/broken the service - changing passwords, causing too many resets. This is a killer because you can’t investigate the same dead-end over and over until it works. Treating it as COINTEL gets you only so far. For example I did Jerry in around six minutes, my long nmap hadn’t even finished yet. From what I can gather on the free servers it was pure carnage, complete gonger - much better hackers than me (not hard) taking ages, going berserk. Furthermore, if you are disillusioned, salty, you are just not as effective as when you are ‘on a roll’. In my short experience so far this is a genuine hacker community, people here are mostly just excellent.
# The above advice is as good for me as it is for you. Please don’t take any of it personally.