Take hints or not?

Hi, I am quite a noob and I want to grow up (as anyone do, I suppose).
Every time I am stuck and don’t know what to do next or google next, I want to take a hint.

BUT, isn’t it better to do google fu and bump your head against the wall until the brain will figure out the way? Real life hacks with real challenges will not give any hints.

BUT, maybe it’s better to take hints and do not spend much time in shower/google/mountain to think about another hard step and get the direction of the way when you are lost?

Or maybe there is no real difference and you will growing up anyway with almost same speed?

When I see hall of fame I wonder 'Are they learning and practicing the way I do? Did they take hints ’ and I am here, want to ask

What is the best way to grow up, with or without hints?

Nudges are designed to point you in the right direction, not give you the answer.

However, consider that real life pentesting (at least where I’m at), you have coworkers to rely on if you’ve run out of ideas yourself.

As @CarbonDPG mentioned: In real life engagements you always have colleagues or other peers to ask for help. No one person can know everything, and it is totally legitimate to ask for help, when you get stuck.
That way, you learn something new, instead of getting constantly frustrated by not seeing the forest for the trees. And next time you encounter a similar problem, you’ll know what to do/try (even, when the situation is only similar, and exactly the same ).

So, in essence: Try yourself, first. And when you get stuck, ask for nudges to the right direction.

I consider HTP a platform for learning.
And 99% of the infosec job is made up of learning.
Learning does not means that you have to research and build on your own the wheel again and again.
If your goal is to become a red teamer, you have to think like an attacker. And attackers are accustomed to check for easy solutions and are eager to receive hints to ease their life.
If your goal is to join the blue heroes, then you have to learn from other’s who have had experiences dealing with real-life attackers or red teamers.
In the final analysis: there’s no reason for not looking for hints/nudges/suggestions/papers that may help you to learn what you need for what you are trying to achieve.

@Rucker said:

Hi, I am quite a noob and I want to grow up (as anyone do, I suppose).
Every time I am stuck and don’t know what to do next or google next, I want to take a hint.

Take the hint, ask for a nudge, seek advice. When you google, you are doing exactly the same thing, it just feels better because you don’t feel you are communicating with people working on the same challenge.

BUT, isn’t it better to do google fu and bump your head against the wall until the brain will figure out the way?

Really? Why is this better than someone giving hints, nudges or guidance?

Tell me - do people learn quantum physics this way? Do people learn bricklaying this way?

Or do we almost all get help, guidance, instruction and advice along the way.

Real life hacks with real challenges will not give any hints.

Well, it is rare to be in the real world with zero access to anyone who can say “have you tried X”. In those rare black-site type pentests, you often dont have access to google either…

BUT, maybe it’s better to take hints and do not spend much time in shower/google/mountain to think about another hard step and get the direction of the way when you are lost?

It is literally your choice. You can learn either way. There is no morally better course.

If you can learn something in an hour and progress, that might be better than spending 10 days going round in circles.

Understanding the difference between when to do one vs the other is, in itself, learning.

Or maybe there is no real difference and you will growing up anyway with almost same speed?

I think this is the case - although I also think it very much depends on you as a person.

Some people take hints and don’t learn anything. Some people google-fu and don’t learn anything. Some people take hints and learn lots. Some people google-fu and learn lots.

Look at this way, is looking for a hint on what connects to QUIC any different from googling “what connects to QUIC” ?

When I see hall of fame I wonder 'Are they learning and practicing the way I do? Did they take hints ’ and I am here, want to ask

If you mean the top 100 on HTB, I am willing to bet the answer is that they have ALL taken hints at some point in their lives. I know I have, and I’ve been top 50 and I know people in the top 100 who’ve asked me for hints.

Do they take hints for every step of every box? Probably not. People who get bloods have no hints for that box to even look at.

But the important part is that they probably did take hints, tips and guidance at other times. Lots of them are in teams where they work together to drop boxes and this is very much the same as taking hints.

It really isn’t a binary switch.

What is the best way to grow up, with or without hints?

Why does there have to be A best way? What is the best way for you ?

Very few people, when faced with a brand new technology stack, can self-learn enough about it to progress in anything like a realistic timescale. Reaching out for help/advice/guidance is literally the most sensible thing to do in this situation.

However, if its your 30th box and you are still asking for hints on how to find open ports or what nmap is, then your learning isn’t working.

tl;dr: do what works for you.

Many thanks to you, guys. I really appreciate your replies and now have answers to my questions.

No shame on take hints, I can tell you how I usually think when I’m stuck:

if you think the topic covered in the challenge is not of your interest, well then don’t waste your time, move on.
The purpose here is not to actually capture the flag.

Have confidence in yourself!
You do not even imagine how many times the first intuition is the right one, but you are worried because you think it could be a wasting time and you abandon it.

Never give up!
The leitmotiv is as usual ‘try harder’.

If you are still not able to see the horizon line,
take a little break, put your head in otherthing,
You might be amazed at how things and points of view can change by doing it all over again with a fresher mind.

Still not able to figured out the solution?
Checks for nudges, take a look at what has already been said, search engines could be usefull to integrate for topics you don’t master at all.
This is usually enough to solve the challenge. (at least 90% of the time)

If you think you’ve tried everything
Ok, this is the right moment to ask for hints, how?
The last thing that you want is to have your flag handed on a silver platter.
Share your reasoning, the attempts you have made, your strategy, and after ask to be pointed in the right direction. Sharing, sharing and once again sharing, our job is based on collaboration, this is essential, I will never get tired of saying it.
And trust me, be wary of those who tell you that they made themselves without needing help, he’s lying to you and he’s lying to himself… ‘Omniscent’ is just a level of fantasy… Nobody really is.

You finally made it.
Now is the time fo review, ask yourself if you could have done it yourself, if you were lazy and preferred the shortcut. be honest with yourself.
If yes, then tries to manage the challenge by redoing it in an alternative way. (there is always one)

Study and deepen what you have learned.
This is the real reason why you are here.

Have fun!

This thread was honestly theuraputic, especially from someone who thinks the same.

For me, problem is not take a hint or not but When do i request for hint? :

when i 'am stuck i usually requests for hint or have a look to HTB forum.
when i got hint and i say " why on earth i did think by myself". I should probably work on improving my pentest process .
when i got hint and i say " wahou i did not that stuff" : it was probably the rigth moment.

Sometimes it is not a question of techniques, but more a change of point of view due to some tunnel effects.
For me it is the hardest part to learn.
Several times i just found solution by myself just asking to other people.

Before looking for a hint, i would advise to force yourself to respect another 1 or 2h period, and take a break. Only then if you still have no clues… go for a hint.

From my view, taking hints/pointers isn’t wrong. But executing/using it without further research and understanding is the problem. People may miss the logical thing which the machine itself come to teach.

@sparkla said:

“When” to take nudges? I guess when the fun stopps.

I think this is a good point. (and I suspect we’ve discussed this a bit before).

For me, HTB is a place to have fun, practice things and learn things. When it stops being fun, something needs to change.

If you enjoy the research, dead ends and frustration - keep going.

If you hate it, you’ve got fed up of reading the same blog posts which dont make sense over and over, and you’ve almost given up hope - then get hints, nudges etc.

At the end of the journey, no one will care what path you took to get there. If you root a box without learning anything, you’ve probably just wasted your own time.

Nudges make you weak and lazy. You gotta be tough here and endure the pain and humiliation impossed on you. Only then you can become a real man, a real hacker. Make it so or we won’t ever respect you.

I thought almost literally this things until this thread

Type your comment> @PapyrusTheGuru said:

This thread was honestly therapeutic, especially for someone who thinks the same.

so true!

Type your comment> @xaif7aLe said:

Type your comment> @PapyrusTheGuru said:

This thread was honestly therapeutic, especially for someone who thinks the same.

so true!

Glad to know this thread helped other people too

I like to take the hint and then go super in depth into the topic. This way, I never run into the same question twice and can exploit in scenarios which are similar but not exactly the same.

Of course this means I will do things like spend a week or two on the syntax for a specific SQL database, but I find its a great way to learn a lot. Huge time commitment tho