HTB tracks

Noticed that they’ve adding a new feature called “Tracks”

The closest thing I’d call it similar to is “rooms” from THM, although I’ve always preferred HTB. What do you think of it? I think it’s a pretty neat thing to add, I’d also love to see some kind of community-made tracks to also be possible, so you could challenge your friends to complete your track, or helpful tracks for a particular subject, etc.

I have mixed feelings about it.

I think anything which helps people focus and find a way to learn the skills they want to learn is good. If they add more it will definitely help people get the information they are looking for (for example the recent thread on BOF, we often get threads on “what boxes are good for OSCP” and “what boxes can I practice AD attacks” etc).

However, I also agree it feels a lot like THM. I cant decide if that is a good thing or not.

Type your comment> @TazWake said:

I have mixed feelings about it.

I think anything which helps people focus and find a way to learn the skills they want to learn is good. If they add more it will definitely help people get the information they are looking for (for example the recent thread on BOF, we often get threads on “what boxes are good for OSCP” and “what boxes can I practice AD attacks” etc).

However, I also agree it feels a lot like THM. I cant decide if that is a good thing or not.

Seems like both of us have (quite) similar stances on this. Wonder what the rest think.

@sparkla said:

Registered with THM first time today. I like that as much as any unskippable tutorial section of a PC game.

I still vote for my own ideas:

  • mystery button with added points if enabled, otherwise showing info on the “brainfuck” part of a box, for less hardcore players like me
  • Nudge button, deducting points for each usage

If HTB wants “me” to do active machines, this is the way. If they want to drive people like me away, tracks are the way.

I think it’s completely acceptable that you’re voting for your own ideas, and I think your ideas could definitely be implemented which can definitely bring in more people. I’m just curious why this is driving you away from HTB because of tracks?

Would be nice if the retired machines in the tracks were available to all users.

Or just make it a VIP feature. Its kinda awkward going half-and-half.

Could be kinda nice for learning specific skills tho.

Type your comment> @LMAY75 said:

Would be nice if the retired machines in the tracks were available to all users.

Or just make it a VIP feature. Its kinda awkward going half-and-half.

Could be kinda nice for learning specific skills tho.

This, this is something I can entirely agree on.

It looks very awkward.

@sparkla said:
Right, it depends on how it’s implemented, tl;dr being optional.

The way it’s made at THM - not gonna do that. It’s a thing that’s great for beginners but the same time a roadblock for intermediates or pros. I don’t like win/lose solutions if you could easily think of a win/win instead. I don’t like things that block me, have enough of that in my life.

Implementing things that are useless to me (pwnbox, new design, tracks) take away dev time and things that are important to me remain unfixed. You’ll find lots of these discussions on the “Maschine” forums from NI, meaning I’m not the only one worrying about such things even though it’s “none of my biz”.

It happened when I first saw the Starting Point, back when it was new, my VPN didn’t work. I did draw the wrong conclusion that I had to do the starting point to regain access. So I made it half way through, in the beginning I was still in good mood and welcomed that little refresher. Half way through I was cursing at that thing, some didn’t work, some was badly explained (instructions unclear, built a house instead), some was just not the way I’m used to do it. I was happy to find out my conclusion about VPN was wrong and it was just a temporary glitch.

Doing the same lame thing your competitor did for years is anything but disruptive.

I definitely do agree with that, I think that instead of adding new features constantly, they should use some of that development time to fix issues with the platform; Exhibit A: My friend who does a lot of HackTheBox constantly got his points deduced for reasons, he contacted support about it and the best they could help him with was “You lose points after machines retire.” The thing was that none of the machines he did were retiring, (sometimes he would lose just 5 points, other times he could literally lost hundred(s) of points for absolutely no reason) he just kept losing points for no reason. It was very frustrating to say the least. - Not to mention he was a VIP user too, you’d expect a more incline to help him for that too.

HackTheBox surprisingly has a lot of bugs, especially with the web UI - I haven’t tried out the new UI much, most of it is probably fixed now, but I still prefer the simple old UI because of its simplistic nature; Yes things can still be nice without having to look like it’s futuristic xD

And I can’t forget that when I was VIP, I had a lot of issues with the spawning machines feature and I absolutely agree on the starting machine issues, I personally haven’t tried it out, but I see a HTB thread on it like every 2nd day of the week.

I obviously love HTB and all the things the guys working at HTB are doing, that’s why I find stuff like this very frustrating. I want them to take this thread as constructive criticism rather than direct “hate”. I think they need to spend a bit more time fixing a lot of the development issues. An example of a thing I’d like fixed or improved on is possibly the layout/UI of the forum, the forum looks very buggy/clumsy with a lot of the issues, we don’t even know the optimal profile picture image resolution so most of the time we’re really just guessing and hoping the image gets cropped nicely, and the fact that we have API keys in our HackTheBox account settings but absolutely no API documentation? (for some strange reason) I’m giving HackTheBox the benefit of the doubt as they’re not exactly a Google competitor where they have multiple of teams/departments for fixing software issues and making new features. So I’m being patient about this. But yeah, this is also my 2 cent on this whole thing.

Edit: I’m sorry about the long message, hopefully it wasn’t too much of an annoyance, lol.
Hopefully HTB sees this thread and responds appropriately.

I’ve had a play with it and have modified my opinions a bit.

I agree with @LMAY75 and it might be a bit frustrating for non-VIP users. However, I suspect part of this is to encourage more people to become VIP.

I also agree with @sparkla that it would be better if this stays as an optional extra or “added value” bit, rather than become the main focus. I hope that is the plan but time will tell.

However, I decided to try the active directory track today and, as a result, ended up doing the Mantix box, which gave me some good things to practice with impacket. Now, I could have done this anytime in the last two years I’ve been on HTB, but it was only when the Track made me realise it was an AD box that I became motivated enough to try.

For me, this indicates some value - with the hope that, over time, there will be tracks to help people practice specific techniques.

@PapyrusTheGuru said:

Exhibit A: My friend who does a lot of HackTheBox constantly got his points deduced for reasons, he contacted support about it and the best they could help him with was “You lose points after machines retire.” The thing was that none of the machines he did were retiring, (sometimes he would lose just 5 points, other times he could literally lost hundred(s) of points for absolutely no reason) he just kept losing points for no reason. It was very frustrating to say the least. - Not to mention he was a VIP user too, you’d expect a more incline to help him for that too.

This might be support failing to explain rather than a bug in the GUI. Scores are complex to work out and you don’t actually lose points sometimes, its just the calculation updates. If you drop a box, the score you see by your name in the profile will often be many more points different than your previous total + what the new box is worth. Overnight the scores will recalibrate and it will look like you lost points.

Type your comment> @TazWake said:

I’ve had a play with it and have modified my opinions a bit.

I agree with @LMAY75 and it might be a bit frustrating for non-VIP users. However, I suspect part of this is to encourage more people to become VIP.

I also agree with @sparkla that it would be better if this stays as an optional extra or “added value” bit, rather than become the main focus. I hope that is the plan but time will tell.

However, I decided to try the active directory track today and, as a result, ended up doing the Mantix box, which gave me some good things to practice with impacket. Now, I could have done this anytime in the last two years I’ve been on HTB, but it was only when the Track made me realise it was an AD box that I became motivated enough to try.

For me, this indicates some value - with the hope that, over time, there will be tracks to help people practice specific techniques.

@PapyrusTheGuru said:

Exhibit A: My friend who does a lot of HackTheBox constantly got his points deduced for reasons, he contacted support about it and the best they could help him with was “You lose points after machines retire.” The thing was that none of the machines he did were retiring, (sometimes he would lose just 5 points, other times he could literally lost hundred(s) of points for absolutely no reason) he just kept losing points for no reason. It was very frustrating to say the least. - Not to mention he was a VIP user too, you’d expect a more incline to help him for that too.

This might be support failing to explain rather than a bug in the GUI. Scores are complex to work out and you don’t actually lose points sometimes, its just the calculation updates. If you drop a box, the score you see by your name in the profile will often be many more points different than your previous total + what the new box is worth. Overnight the scores will recalibrate and it will look like you lost points.

Wdym by ‘optional’… this better not replace the machine lab

@LMAY75 said:

Wdym by ‘optional’… this better not replace the machine lab

Well, in my case, that it remains an optional view of how the machines are organised rather than being the primary access point.

Type your comment> @TazWake said:

@LMAY75 said:

Wdym by ‘optional’… this better not replace the machine lab

Well, in my case, that it remains an optional view of how the machines are organised rather than being the primary access point.

Oh yea ofc. It would be exceptionally inconvenient for this to become how machines are organized - active grouped together with retired.

Now, if they wanted to include a “hide retired boxes” that would be good for organizing active machines by exploit type for people wanting to work on certain skills.

Nonetheless, this should remain a side feature and not replace the machine lab since it would be impossible to keep track of your boxes.

@TazWake said:

If you drop a box, the score you see by your name in the profile will often be many more points different than your previous total + what the new box is worth. Overnight the scores will recalibrate and it will look like you lost points.

Oh I see, thank you.

Type your comment> @sparkla said:

About “adding features constantly”: I’ve seen more than a few pieces of software, including one of my own, that went down the road of feature escalation - in my case as per user request. You end up with a monolithic nightmare nobody can fix anymore with 5 bugs on each, once new and awesome, feature. I recently had to put that thing out of it’s misery.

Please don’t do that HTB. Keep the old UI and fix it. Refactor if necessary. Need a webdev? I happen to know one. Make lists sortable, extend the stats, make the API available. Respond to user issues like the friend of @PapyrusTheGuru . Fix the forums. Fix the box /content ssues…

Link the forums, labs, and support into a single usable platform

Type your comment> @sparkla said:

About “adding features constantly”: I’ve seen more than a few pieces of software, including one of my own, that went down the road of feature escalation - in my case as per user request. You end up with a monolithic nightmare nobody can fix anymore with 5 bugs on each, once new and awesome, feature. I recently had to put that thing out of it’s misery.

Please don’t do that HTB. Keep the old UI and fix it. Refactor if necessary. Need a webdev? I happen to know one. Make lists sortable, extend the stats, make the API available. Respond to user issues like the friend of @PapyrusTheGuru . Fix the forums. Fix the box /content ssues…

Exactly, thank you. Good to know we’re on the same page. and also I agree with what @LMAY75 suggested to.

Do you have to be VIP to try Tracks??

I’m not VIP, so I’m trying to connect with my “free” and even “starting point” VPN, but neither will allow me to even run nmap scans. Keeps telling me box is down, use -Pn, etc. No luck though.

Type your comment> @quantumtheory said:

Do you have to be VIP to try Tracks??

I’m not VIP, so I’m trying to connect with my “free” and even “starting point” VPN, but neither will allow me to even run nmap scans. Keeps telling me box is down, use -Pn, etc. No luck though.

You do not have to be VIP to use tracks, but a lot of the boxes/challenges are retired hence making VIP somewhat of a requirement.

@quantumtheory said:

Do you have to be VIP to try Tracks??

It depends which box you are looking at. As @PapyrusTheGuru said, you can probably access most boxes on a given track but not all.

I’m not VIP, so I’m trying to connect with my “free” and even “starting point” VPN,

A free VPN allows access to all the live boxes and two retired ones.

The starting point VPN allows access to the starting point boxes.

but neither will allow me to even run nmap scans. Keeps telling me box is down, use -Pn, etc. No luck though.

The idea of having Tracks is actually quite good. Just finished Dante Track and learned a few new things. What would be nice is to get some extra points upon completion of the track.

Edit: The forum deserves a little bit more attention from HTB UX team. Where is the “Like” or “Thanks” button for forum posts when you need it? How often happened it to me that I wanted to “Like” a forum post but couldn’t …

Type your comment> @k4wld said:

The idea of having Tracks is actually quite good. Just finished Dante Track and learned a few new things. What would be nice is to get some extra points upon completion of the track.

Edit: The forum deserves a little bit more attention from HTB UX team. Where is the “Like” or “Thanks” button for forum posts when you need it? How often happened it to me that I wanted to “Like” a forum post but couldn’t …

This is so true, I’d love to see a better UX design.

No points for track machines?
I just sign up for VIP+ and wanted to do the tracks. I tried pinging a machine (lame, 10.10.10.3) on track and it didn’t work. I found the same machine on retired machines and activated it with a different IP and it worked. After getting a flag i got no points for doing the machine, is that normal?