Hi,
I recently joined HTB to put into practice what I'm supposed to know. I have doubts about how you conduct pentests here. I know each case is different, but I am more interested in the tools you usually use to start. Nmap, then OpenVAS? Jump directly to Metasploit? None of the above? I guess all the successes come from distros like Kali or Parrot. Windows not needed or not desired. Is that right? Thanks for your help.
Disclaimer: I'm not working as a pentester, just an enthusiastic HTB player.
I did it the hard way: installed Parrot on a dedicated machine and started solving the available easy boxes, figuring out what I needed to use on the way. I don't really like Metasploit, to be honest, because it's "magic". I prefer to use / write scripts I understand so I can learn. Windows definitely helps when you're hacking Windows boxes. I made a conscious decision to work only from Linux until it becomes literally impossible, and a lot of times this has caused me extra problems I needed to solve.
Also a disclaimer: I am not a pentester and I don't play the part of one in movies.
Most of my HTB time is in Kali, simply because it's what I am used to.
Generally I start with Nmap, sometimes masscan, but I don't find that faster against a single IP. I've seen some write-ups which talk about Legion, but I haven't tried it yet.
Once Nmap tells me what ports are open, then it's down to enumerating the port.
For example, if it looks like a webserver I use dirb/dirbuster/gobuster/nikto and open it in Firefox/Burp to see if anything interesting appears.
If SMB is open, different tools (smbclient, rpcclient, crackmapexec, etc.).
I don't have any issue with using MSF, but I find it isn't that helpful on most HTB boxes.