Advice re:seeking help

I've decided to post this widely instead because maybe is good general advice and if not I am sure/hope the community will put me right. I have not modified my language to account for the fact my peculiar brand of english is not yours. Hopefully it is still intelligible. Let me know if you are not understanding me I will not take offense and try harder to keep up my end of the comms.....

It has gotten so bloody long, this so

tldr; keep going, try harder, reach out anytime if you need help.

It does seem that the last few machines have been harder and some are not even technically harder. I've been getting quite salty myself about some of them but remember that actually I am probably wrongheaded, paranoid, confused and most importantly:

making and testing these machines to a certain level is

      really rock hard

...what someone finds difficult another will just breeze through just because... and maybe on another day the same person will find it easy...

Guessing: probably this machine is difficult for you because you don't know that much python? (You do need to fix that).

I've been stuck on a few recently (which I always find really depressing) but the community have got me through.

I am happy to help as I would hope the entire hackthebox community is.

_If you are reaching out to someone for help and they are not doing so then they are failing hard in infosec because sharing knowledge is probably the most important thing in this business.__

I would also expect them not to steal your learning experience by just spoon-feeding you spoilers from a plate, it kind of depends on whether you really have come to a point where you cannot progress/learn.

Sometimes people are stuck in their own hell or are just busy or in a completely different timezone. There have been times I've spent more time replying to requests for help than doing the machines. It is also my own fault for too much memage/shit posting.

On this forum it is impossible to tell what level somebody is at. You can just as easily insult someone with an overly simplistic explanation of something as help them. Apologies if I have done this.

You do have a duty also however to enumerate, enumerate, enumerate as @pyzlence would say and try harder (as @everybody).

Most of these machines are based on or have relevant info from

  1. infosec news item
  2. ippsec videos
  3. 'guest' machine creator's own work
    :
    :
    n. stuff.... don't know I am new here too :D

The more we do the more we will see the same themes reappear again and again because:

Making these machines new and fresh is :

      really rock hard

Doing information gathering is very important - the creator's github account for every machine, using searchsploit on and googling every service you scan. I have left bits of the solution to this machine in so many pastebins for so many people by now I am surprised you haven't found the whole thing. (This is why I put short expiry times on them not just to annoy you :D )

You will never stop learning in infosec. NEVER. EVER.

There will always be the mother of all tsunami tidal wave of stuff for you to get through. You will often have to research stuff which you do not find inherently interesting. Quite often the vulnerability will lie within some fugly, backward, unloved, technological quazi-modo of a system. Chow it down soldier.

Reach out to as many people in the community as you can. Someone else will explain something in a different way which may just click.

Before you reach out though, think have I done absolutely everything in my power here, exhausted every avenue. You'll feel much better if you remember your checklists. Well I do. I often reach out too soon too, forget to do stuff or often forget to repeat checks. We all make mistakes, nobody knows everything (except Bruce Schneier).

If you can afford get a VIP sub even if just for a short time. Some of the machines are nigh-on impossible on free as unfortunately some people are dickheads intentionally as well as more often unintentionally. You can be doing the right thing and it doesn't work because somebody has DoS/broken the service - changing passwords, causing too many resets. This is a killer because you can't investigate the same dead-end over and over until it works. Treating it as COINTEL gets you only so far. For example I did Jerry in around six minutes, my long nmap hadn't even finished yet. From what I can gather on the free servers it was pure carnage, complete gonger - much better hackers than me (not hard) taking ages, going beserk. Furthermore, if you are disillusioned, salty you are just not as effective as when you are 'on a roll'. In my short experience so far this is a genuine hacker community, people here are mostly just excellent.

The above advice is as good for me as it is for you. Please don't take any of it personally.

izzie

Comments

  • Addendum: if you post (especially random) stuff on my wall or on the site conversations I probably won't reply because I may not see it or I have no idea what to say...

    izzie

  • This is an awesome post - I think I agree with everything here.

    I have learned loads on HTB and it is nearly all the result of helpful people who have given nudges and encouragement as needed.

    There are times I look at something and draw a blank. The discussions are full of people saying "look how simple it is" and it does become depressing but, fortunately, there are a lot of very good people out there who are willing to share & nudge.

    On the flipside, there are things which I've thought are really easy and I've been happy to help people on the rare occasions I can.

  • @izzie said:
    Addendum: if you post (especially random) stuff on my wall or on the site conversations I probably won't reply because I may not see it or I have no idea what to say...

    you always have an appropriate meme for any conversation :)

  • @TazWake said:
    On the flipside, there are things which I've thought are really easy and I've been happy to help people on the rare occasions I can.

    It's all easy when you know how!

    izzie

  • @w31rd0 said:

    @izzie said:
    Addendum: if you post (especially random) stuff on my wall or on the site conversations I probably won't reply because I may not see it or I have no idea what to say...

    you always have an appropriate meme for any conversation :)

    And I am grateful to my correspondents patience in that regard. :D

    "Me"

    izzie

Sign In or Register to comment.