I’m currently doing HTB Academy because I’m still a noob and not advanced enough, in my opinion, to start HTB machines.
At what point in my learning will I get good enough to start basic/easy machines in your opinion?
I don’t think there is an answer to that.
I’ve been doing HTB for 2 years and I find some of the easy machines very challenging.
The only real way to learn if you can do it is to try. If you can start with the retired boxes, work through a few using the writeups, then try a few on your own (with the writeups if you get stuck).
However, one thing about every CTF Platform (HTB, VulnHub, TryHackMe etc) is that new content tries to be “new”. That means you will often find you learn how to exploit one box, but the next one is a completely different thing that you need to learn from scratch.
It is important to remember the HTB easy/medium/hard/insane aren’t really a good measure of how hard you will find a particular box. It is more along the lines of how much effort:
- Easy boxes should be rootable with standard scripts, requiring little or no modification
- Medium
- Hard
- Insane boxes rely heavily on customised exploits or very complex attack paths, with almost nothing working “out of the box” as it were.
Even with this broad generalisation, there are inconsistencies. I’ve seen “easy” boxes which need a lot of custom configuration. In general, most boxes are probably a bit harder than their rating suggests rather than the other way round.
As an example, three retired easy boxes give a sign of the variety:
- Buff : public exploit to get foothold, upload tools and then port forwarding and public exploit to get root.
- Blunder : enumeration to discover access point, custom wordlist, brute force protection bypass to get foothold, db enumeration to get user. Public exploit (in the news a lot last year) to get root.
- Doctor : Observation skills to get attack point. SSTI to get foothold with a non-obvious exploit point, enumeration to user, public exploit to get root.
There are things you learn because they are the same on every box:
- nmap
- dirb/dirbuster/gobuster
- visiting HTTP servers in a browser to look for clues
After that, it becomes a lot more “unique” to each box. Lots of people resort to things like LinPEAS and WinPEAS for privesc but 75% of the time, they just generate noise with the useful information (like Windows priv assignments) hidden in the data.
tl;dr: You are probably as ready as you can be if you don’t mind being forced to learn new things all the time.
Great! Thank you
Though are there any boxes you recommend, or would you not be able to say, due to different strengths and weaknesses?
Yeah, I’d struggle to know what to suggest really.
If you have access to the retired boxes (VIP/VIP+) you could start with the really old ones. Some (like Blue) are genuinely trivial to exploit so can help build confidence. You might not learn much other than firing up MSFConsole.
But really, every box is different; it’s not possible to suggest one in any meaningful way.