How to start

I recently join to HTB to put in practice what I supposed to know. I’ve doubts how you conduct pentest here. I know each case is different but I am more interested in tools you usually use to start. NMAP, then openvas? Jump directly to metaexploit. None of above? I guess all the succeeds comes from distros like Kali or Parrot. Windows not needed or not desired. It’s that right? Thanks for your help.

Thank you

Disclaimer: I’m not working as a pentester, just an enthusiastic HTB player

I did it the hard way, installed Parrot on a dedicated machine and started solving the available easy boxes, figuring out what I need to use on the way. I don’t really like metasploit to be honest because it’s “magic”. I prefer to use / write scripts I understand so I can learn. Windows definitely helps when you’re hacking windows boxes. I made a conscious decision to work only from linux until it becomes literally impossible, and a lot of times this has caused me extra problems I needed to solve.

Also Disclaimer: I am not a pentester and I dont play the part of one in movies.

Most of my HTB time is in Kali, simply because its what I am used to.

Generally I start with NMAP, sometimes masscan but I dont find that faster against a single IP. I’ve seen some write ups which talk about Legion but I haven’t tried it yet.

Once Nmap tells me what ports are open, then its down to enumerating the port.

For example, if it looks like a webserver I use dirb/dirbuster/gobuster/nikto and open it in Firefox/Burp to see if anything interesting appears.

If SMB is open, different tools (smbclient,rpclient,crackmapexec etc).

I dont have any issue with using MSF, but I find it isnt that helpful on most HTB boxes.

Thanks a lot. You bring me some light :slight_smile:

Thank you all for sharing your experiences, these are very helpful and I appreciate them.