So I am here about one month and I am really enjoying my time here, it has been a crazy learning experience and I want to share my thougts and give some tips for peoples that, like me, is new to infosec!
If you are really new I would suggest you to have some particular set of skills before starting cracking some boxes here:
Linux: Of course, you need to know your way into linux terminal, how to navigate throught folders, read files, install programs, update lists. If you don’t know these things yet you should check the Linux Fundamentals PDF (http://linux-training.be/linuxfun.pdf) and do the overthewire.org wargame called Bandit. These two, especially the wargame, will give you a solid base knowledge about things that you will use.
Programming: You will need to read lots of codes in order to understand what is going on in a page, or to get why your exploit its not working. So, it is important to know how to program. If you dont know yet, try python! Its a great beginner language, really good to use with linux and it is heavly used in security. There is this course that will help you a lot: Think Python 2e – Green Tea Press
Basic network: How TCP/IP works, what is a DNS, SMTP, telnet, what is a port an what means when its open, are just a few things that are needed. Here I would suggest you to find a good book and read it. I am not encouraging you to download unautorized PDF of books but its REALLY easy to get them online
Basic Infosec tools and Expressions: Metasploit? Kali linux? Reverse Shell? Priv esc? These and many other things will be at the forums and discussions around the boxes and you will need to know what they are. You can learn this things on the fly also, but getting a basic book or a online course will help you a lot. Here I dont have any suggestion I learned everything searching the topcs individually.
So you already know some of these things or just are ignoring my suggestions (which is totally fine, I am just a newbie after all), and want to start here on HTB! Great! Here are some things that I learned in this one month that helped me a lot!
0 - @ippsec videos: This guy is a aweasome! He has crazy walkthoughts and great tips for everyone, beginner or experienced people. He recently organized his playlists by difficulty start with easy ones but first, watch his video about tmux! IppSec - YouTube
1 - Try hard, but also ask for help: Always try to solve the boxes by yourself, even it is really hard when you just started making CTF’s. But if you are really stucked just go to the forum, go to the box discussion and ask for help. Usually people that finished the boxes post there and the ones that are willing to help will say so.
2 - Know how to ask for help: Don’t PM a guy with just "I need help with user/root on box XXXX ". Say what you did so far, what you discovered, what you tried and what worked or not and BE POLITE, nobody likes an a**hole. It will be much easier to the person to help you, and don’t ask for the full answer. A good pm would be something like this: "Hello! I am stucked at the box XXXXX for some time and I was wondering if you could help me. I scanned the box and found port XX running a service and I tried the tool XXXXX to exploit that but it didin’t work. I am on the right path? Thanks for the help!
3 - Acknowledge the ones that helped you: Is always nice to get appreciation when you help someone so, if somebody contribuited with you, ask for his HTB profile and give him a “Respect”. This will encourage him to always help others and everybody wins with that!
4 - Help others: Congratulations, you cracked your first box! Even that you did that all by yourself, go to the forum and tell people to PM you asking for help! I am a teacher and I learn A LOT teaching! It is great when someone cracks a box after you helped them
5 - Read Writeups: When a box is retired, people make writeups about them. It is a great way to learn and to see how people do things in different ways. Recently the box “Access” got retired and because it was a easy box, there is a lot of different writeups about it. Check them out!
6 - Have fun: My Overwatch account is dead since I started here. It is the most fun I had in a long time doing something, and I am learning like crazy at the same time! I really want to thank everyone that helped me so far, especially @ippsec with his aweasome videos!
Sorry for the long post but I really want to give my impressions of my time here! I love this community more every day I cant wait to learn more and meet new people that share this love!
Thank you for reading and also, share your experiences here! What other tip would you give for someone new? Also sorry for any english mistakes, not my mother language