Help me I'm a beginner lol

I have no idea how, but I somehow was able to get into HTB without any help, but I’m stuck on almost every box that I try. I started hacking a few months ago and so far I covered basic networking, nmap, metasploitable, netcat, burp suite and a few other tools. I already had a solid understanding of linux, and I am pretty comfortable with it, and I also tried some bug bounty in the past so I know a bit of basic web vulnerabilities. So I got kinda bored of practicing with metasploitable so I decided to try out HTB. I tried Buff as my first machine, and I spent well over 6 hours on it just trying to get into user, and I got in with some help from a few people from Discord. I’m gonna try to do some privilege escalation tomorrow as I spent way too much time on here for the day. Anyway, I heard this was a pretty easy machine to start out with, but holy ■■■■ was it hard. Does anyone have any tips for me, or anything that I should probably study before/as I continue with the rest of the boxes on here?

NO GOD NO STAY AWAY FROM THAT MACHINE

The priv esc does not work 99% of the time. There’s a reason the ratio of user to root owns is almost 3:1

As for learning the HtB flow check out Ippsec on YouTube, watch a couple videos and you should start getting comfortable with how the boxes work.

It sounds like you’re in the same spot as me when I started. The learning curve is high but if you stick with it you’ll get the hang of it. Only these past few months have I been able to do medium hard boxes on my own, and it sometimes takes me days while the best users here can do it under an hour. If it seems like there’s endless room for knowledge gaining…there is!

I second LMAY75’s Ippsec recommendation. He’s a great teacher who makes walkthrough videos. Pick a few easier retired machines (you’ll need VIP) and search Ippsec {machine name} on YouTube or go to ippsec.rocks.

Outside of HTB check out https://www.vulnhub.com/ for downloadable vulnerable machines for practice. You can usually find writeups on the older ones and many are beginner level. Eventually you’ll know your way around tools and common paths which will make the boxes here more doable.

Welcome to the frustration/fun

Hi, I can also recommend the Udemy courses from Heath Adams. They are sometimes offered cheaply, like around 20$. He uses HTB machines (older ones) to explain the concepts of Linux priv esc and Windows priv esc. Also you can take a look at TryHackMe, which I believe is more beginner oriented.
Have been sitting in the same boat about a year ago. Extremely steep learning curve. And it can get really frustrating at times. But just keep going and you will notice your progress after some time. Ippsec's videos are a goldmine, as has been mentioned before.
Best

@Nokline said:

I have no idea how, but I somehow was able to get into HTB without any help,

Hi there and welcome.

but I’m stuck on almost every box that I try.

That's ok - the advice here is good, so I don't have much to add other than this can be a fairly normal experience.

The boxes here are made to have “unique” challenges so you can feel like you never know enough but that isn’t true. Like everything, the more you practice, the better you get.

Anyway, I heard this was a pretty easy machine to start out with, but holy ■■■■ was it hard.

The ratings aren’t really a guide to how easy any particular individual will find a box. They are more linked to things like how much custom exploitation is needed. As a rule of thumb, if you can find exploit code that needs minimal modification the box will be rated easy - if you need to build custom exploits, it will be hard. The insane boxes go to another level.

As for actual difficulty, I don't think any of the currently active boxes (at least the ones I’ve done) are actually “easy” - Buff privesc is easy once you know how but a nightmare to get working.

Right now, all the other easy boxes need some specific and unusual knowledge to complete, so don't beat yourself up about this being challenging.

Does anyone have any tips for me, or anything that I should probably study before/as I continue with the rest of the boxes on here?

Just keep going. It will get easier over time.

@TazWake said:
Buff privesc is easy once you know how but a nightmare to get working.

I’m convinced it just isn’t possible. HtB decided to troll us

@LMAY75 said:

I’m convinced it just isn’t possible. HtB decided to troll us

Lol, possibly. It is certainly orders of magnitude harder now they killed port 22 outbound from the servers and the exploit kills the service so often it is hard to do this on a public box.

@TazWake said:

@LMAY75 said:

I’m convinced it just isn’t possible. HtB decided to troll us

Lol, possibly. It is certainly orders of magnitude harder now they killed port 22 outbound from the servers and the exploit kills the service so often it is hard to do this on a public box.

I finally got it

I was like oh since we are all talking ab Buff I might as well go back and try it again… and it finally worked! You have no idea how happy I am rn

@LMAY75 said:

I FINALLY GOT IT

I was like oh since we are all talking ab Buff I might as well go back and try it again… and it finally worked! You have no idea how happy I am rn

Fantastic!!! Well done.

@zaphoxx said:

Hi, I can also recommend the Udemy courses from Heath Adams. They are sometimes offered cheaply, like around 20$. He uses HTB machines (older ones) to explain the concepts of Linux priv esc and Windows priv esc. Also you can take a look at TryHackMe, which I believe is more beginner oriented.
Have been sitting in the same boat about a year ago. Extremely steep learning curve. And it can get really frustrating at times. But just keep going and you will notice your progress after some time. Ippsec's videos are a goldmine, as has been mentioned before.
Best

I second that, Heath Adams explains things very well.
Worth the $ and he usually gives out discounts

Hi, may I know how to reset the starting point machine on HTB?