Hey guys, I have been into hacking for about a year now. I started with learning Networking and got a good grasp of it, and afterward I did Security+ and also passed that. I learned basic pentesting stuff from The Cyber Mentor and learned how to hack from there pretty much. I recently started doing boxes and there are very few instances where I have been able to completely pwn a box, and even in the few boxes where I was successful, privesc just was not happening. I always end up looking at guides and stuff; I think I am too impatient. Every time I do enumeration and hit a wall or don’t know what to do, I go straight to the guide, and I hate doing it and I am the only one to blame for this. Even the easy boxes on here are difficult for me. I understand a lot of the concepts but I am very bad at web pentesting stuff (mostly because I have not learned JS). I don’t know what to do and any advice is helpful. I want to get good at doing this because those moments that I did end up pwning a box felt amazing. I need that feeling again.
Sup buddy, have you tried the TryHackMe labs? They have a pretty good program for beginners. HTB Academy is also really good as well. Also, Ippsec is awesome at explaining all of the retired boxes from HTB. Hacking takes a lot of patience, as I’m still learning a lot of things myself. I will admit, the HTB boxes have gotten harder but they do have a lot of resources available to you to learn how to begin.
I absolutely recommend Ippsec on YouTube as a start. He breaks everything down.
Yeah, I have recently started watching ippsec but I feel like there are gaps in my knowledge, especially on the web side of things. I think I need to learn JavaScript and then maybe watch the Hacker101 videos. Also yeah, I will try the beginner-friendly boxes and I think I am gonna set a rule that I will not read guides for boxes until I have spent a day or two on them at least. Thanks for the advice man, I appreciate it. It’s hard to manage this and college stuff; I am doing a bachelor’s in Computer Science and I am taking Physics 2 and Calculus 2 right now and loads of work comes with them, so I can’t go at lightning speed, but I really enjoy learning and doing this so I am gonna keep it up.
Yeah man good for you. A lot of this is easy if you have experience in the field. That degree will pay off, especially for this type of stuff.
Check out these links (if you haven’t seen them yet); they provide hints/tips on how to go about the various areas of pen testing.
Google "Payload All The Things"
These are what I primarily use for my methodologies and learning about different types of attacks.
Take your time. No rush to pwn any HTB boxes. Get good at Googling and researching. And feel free to ask for help. I’m not an expert at all, but I just enjoy breaking into things and learning from the smart folks.
In my opinion, a lot of hacking, especially on this platform, is directly tied with recognising patterns. If you can fingerprint a technology and you have a good idea of what it does and the basic exploitation of that service, you immediately have a greater chance of pwning the machine than someone who doesn’t. I’m sure you’ve heard this plenty of times, but with hacking comes experience and that experience is more valuable than gold. Keep going, keep learning, keep following guides and soon you’ll notice patterns that keep coming up time and time again; soon you’ll be able to stop following guides and start hacking directly from your knowledge for a large portion of the machine instead of relying on guides and Google.
Be patient with yourself. Learning takes time and we tend not to pick up new things as fast as we would like. Consistency over the long term will add up, though. Day to day I definitely struggle to feel progress. Over the long term, it can be much easier to see. It sounds like you’ve identified some places you feel weaker. That sounds like an excellent opportunity to focus on a specific area. Take notes and keep at it. You’ll get there.
Thanks for the resources man!
Yeah thanks for your thoughts, I think I have a better understanding and a new perspective on things.
Yeah, I agree with the thing of the long term; I have definitely come very far from a year ago. I appreciate your input man, I will be more patient.
Take heed to everyone’s input my friend. You got this! Happy to help guide you through any of the boxes that I’ve done already.
Yeah, I appreciate that, I might hit you up then at some point haha
It really depends on what your goals are. If you are doing HTB and this stuff to learn and gain skills, then I think the most important thing is to shift your focus. It might feel like whenever you get stuck or end up in a rabbit hole that you are wasting your time and not making progress because you’re doing things that ultimately aren’t what is needed to get the flags for the box, but if your goal is to learn, then the flags and rooting the box is ultimately meaningless. Who cares if you get it or not, that’s not your goal.
Start looking at it as that couple hours you spent trying to figure how Apache configs work cuz you think it might be the path to a foothold, is no longer time wasted because it turns out you should have used an SQL injection. It’s time you spent learning how Apache works, which will help you further down the road. You aren’t tackling boxes so that you can learn exactly what is required for that particular box as if you are collecting exploits; you are tackling boxes because it gives you the opportunity to try things and practice techniques and because it’s an arena for you to learn in.
That shift will help make it less frustrating, but also honestly, you need to learn to embrace the frustration, because 95% of what pentesting is, is various levels of frustration. It’s constantly being stuck and spending tons of time googling things and trying a hundred different things that don’t work, just hoping for the one time that it does.
Being willing to embrace that frustration will also help you gain skills, because you will make lots more improvement when you are spending your time being frustrated, than you will doing passive things like watching ippsec videos and reading walkthroughs (not that those things aren’t valuable, but they should be used as tools to help you understand something, not as the path to knowledge). Learning is hard, it’s designed that way by evolution; you don’t want to waste resources learning things that aren’t important, so it’s uncomfortable because then you’ll only put the effort in for things that matter. Optimal learning doesn’t happen doing things that are easy, it’s doing things that are just outside your reach so that you are forced to expand and make new connections. Learning is also a skill like anything else, you’ll get better at it the more time you spend doing it. So as with all things, be kind and compassionate with yourself, this stuff is hard.