Struggling to start following some of the write-ups

Sorry for my ignorance on the subject. I have tried to search around but still struggling with these.

  1. Is there any tutorial (preferably video) on very first steps for newbies who want to use and learn Hack the box.
    Examples:
    • How to connect to a machine on HTB
    • What vpn configuration I need, Can I connect from my windows box etc

Basically the very first steps anyone with little knowledge on the subject like me needs.

  1. Most of the write-ups I find are usually for the VMs that are retired. For example, following write up about Bounty I find useful and want to follow but I could not find that VM.

https://veteransec.com/2018/10/27/hack-the-box-bounty-walkthrough/

I am very new trying to learn all this stuff. Your help will be much appreciated.

Comments

  • I'll do my best to help steer you in the right direction...

    1) There really isn't a video tutorial (to my knowledge) on connecting to Hack The Box, but here are the basic steps
    a) Download the .OVPN file assigned to your account
    b) Use whatever linux based VM you want (this includes whatever VM player you want to use, such as VirtualBox, VMPlayer, VMWorkstation, etc etc)
    c) Transfer the .OVPN file you downloaded to the linux system
    d) Open the CLI and navigate to the folder you placed it in and type (openvpn .ovpn)....this will connect you to the VPN of HTB.

    Side note, you do not need to configure anything outside of that, the OVPN file is preconfigured with your info all you need to do is simply launch it.
    

    Also I imagine you could connect from Windows but it would be pointless as many of the exploits are linux based, you could do them within Windows but you'd be at a serious disadvantage for portions of it. But this is a choice for you to make, same goes with what version of Linux to use (most would recommend Kali, but again up to you).

    2) The odds of finding a write-up on any active machine here is slim to none (it's part of the TOA that no one is allowed to provide the public a write-up of an active box), as this would make learning here pointless. That is why you will see some posts edited for spoilers as it gives the answers away to a box. The point of coming here is to learn, and help each other learn as well. Just don't ask for a direct answer to a box. Try what you can, and if stuck ask someone a specific question to help point you in the right direction. But remember help comes to those that help themselves.

    Now for the write-ups, you CAN purchase VIP access (and I recommend it), and with that you can work on decommissioned boxes, so you can follow Ippsec on youtube and follow his guide for old boxes and perform the work yourself. Just note that even if you get root this will not count toward anything, it'd be just to put into practice what you saw and have a better understanding of what he was doing and why. Don't copy his steps, but find a video on a box you can access, do what you know and when you're stuck, play his video until he shows you something to get you passed you're hurdle, pause the video attack the box some more and keep repeating this method.

    Anyhow as I said this is my take on it, and hopefully helped answer your questions at least somewhat....though I'm sure someone else here may have better answers than I did.

  • What he said ^^^^^^^^^^^^^^^^^^^

    Welcome to the community!

    "ClickmedotEXE"
    CISSP | OSCP
    arodtube

  • @Rayvenhawk Thank you so much for such a detail reply. Its very helpful. May I ask few follow up questions. I see that my account has access to a server edge-eu-free-1.hackthebox.eu but in the details its showing an IPv4 address 0.0.0.0 and IPv6 of 0::. My questions
    a) Is this the only VM accessible to me or I can choose any other VM?
    b) How can I know which VMs could be better for a beginner like me to start with?
    c) Given the ip address assigned to machine for my account, it doesn't look normal. What do I need to do proper ip for connecting to the machine?

    Once again thanks a lot for your help.

  • @Sultanrahi,

    The server you're talking about is the server you VPN into to connect to the HTB network. As a free user you are limited to what server you are able to connect to but this does not limit you on which boxes you can pen test on.

    To see the active servers (the ones you are trying to get root on) are listed on the left panel under Labs / Machines / Active (there are usually 20 at a time listed here).

    As for which to get started on, you can go by the graph displayed for each server. The more green the "easier" other users found it to be on getting root. But everyone is different so some may find certain boxes easy and others hard while another user will find it to be opposite of that. Take me for example, I have an easier time working on a server running linux than I do on a windows machine. It doesn't mean windows servers are harder, it just means my current skill set leans toward linux an area I need to work on.

    For your IP you will be assigned an IPv4 & IPv6 VPN address (10.10.xxx.xxx, don't know the IPv6 IP off the top of my head), this way you can access the servers within the HTB Lab (10.10.10.xxx).

    I think you're confusing the VPN and Labs. The VPN piece is just a connection for your computer to connect to HTB and have access to their internal Lab network. Once the VPN connection is established you then can access the servers within the Lab subnet. Just please keep in mind the ONLY systems you should attempt to pen test will have an IP as I stated above (10.10.10.xxx). To go along with the VPN piece, the edge-eu-free-1.hackthebox.eu is only for the initial connection between you and HTB.

    Hopefully that answers your questions.

Sign In to comment.