how to be like ippsec

Hello guys, sorry for the interruption and many thanks to the ones who are reading. Anyway, I see lots of professionals like ippsec and other guys over here who are extremely unordinary, who usually go for Brainfuck and impossible machines.
May you please tell us how you guys became like that? Was it because you studied a lot, or because you practiced a lot, or because you guys had lots of experience or dealt with a similar scenario? What is it about?
If any of you guys are willing to help noobs like me, please don't hesitate to type your reply. Sorry if it is a useless question, but whenever I see how hard some machines are and I see people solving them I become disappointed, thinking when would I become one of these cool professional guys?
So please, would you give us some guidelines?
Thanks for your efforts, which will truly help, especially on privilege escalation... which is too tiring for me.

Comments

  • Hey!

    This is not a useless question it's actually quite a legitimate question. Usually, people like ippsec have something that can trigger an understanding which makes it easier to work in the field. Let's take programmers/developers, for instance, most of the developers have out of the box thinking and use lots of logic. Not everyone can do it but if you practice enough you will get into the habit of thinking like that.

    In most cases, they either work in the field of Security, they have either studied Security or they may have been practising for many years and they have seen a lot of the challenges before. This doesn't only apply in Cyber Security but it applies to other fields too.

    Studying helps quite a bit. Like myself, I am studying and aim to be a Pen Tester at some point in the future, but to start off I need to practice and think like a Hacker!

    Anyway, I hope this helps and hope other more experienced people answer your question. :)

  • I will be happy to start a small group that pays ippsec to answer questions and coach us.

  • maybe the HTB discord could make an interview...

    peek

  • @peek said:

    maybe the HTB discord could make an interview...

    This!


    Hack The Box
    defarbs.com | Retired Machine Writeups! - "Let me just quote the late, great Colonel Sanders, who said, 'I'm too drunk... to taste this chicken.'”

  • edited June 2019

    Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

    Of course, you also need solid theoretical foundations so you gotta read and study things like networking, kernels, windows internals, etc, but that should come on its own if you're curious and persistent.

    Xentropy
    Null | Nada- | Zip | Diddly | Zilch+

  • @Xentropy said:

    Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could probably compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

    ^^ this

    it's possible that to some limited extent some people are just inherently "better" at solving certain types of problems, but everyone can get to a point where they're good enough that the difference is negligible.

    in the beginning, it's probably valuable to watch ippsec videos and read walkthroughs, but I'd argue the most important things to learn are more about the process and less about the specific details.

    once you have a process which will reliably help you to detect what seems strange or interesting about a box, I have generally found it to be the case that I can find the answers I'm looking for by googling. the most recent box (Jarvis) is a good example of this. I wasn't immediately aware of how to escalate from a service account to a named user account, but I could tell nearly right away what type of problem it was and using that information I was able to figure out the solution using google. the same thing goes for the named user to root privesc. again in that case, just following standard privesc steps something stuck out right away, but it wasn't something I'm very familiar with and it took a little googling to figure out how to take advantage of it.

    the one thing i'd caution against is turning to the forum too early every time. in the beginning, if you don't have the basics down, videos or help from the forum probably does give a sense that you're learning a lot, but bear in mind that learning how to find the answers yourself can be an equally (or more) valuable skill in time.

    in any case, if you invest the time and keep practicing, you will get better and eventually you'll get to a point where you're mostly having to look up little trivial things on a majority of boxes.

  • Many, many, many hours spent simply doing it, and doing the research that comes up along the way. It's pretty much the path to becoming an expert at anything. Sorry that's kind of boring.

    LegendarySpork

  • you gotta eat sht to know sht

    you got to eat shit to know shit

  • How did Keanu Reeves become John Wick? It's the old adage, practice makes perfect. Work on every active machine and challenge here in HTB, and even CTFs you can get your hands on. Read write-ups and video tutorials from @ippsec. Do that long enough, you'll be able to tell Morpheus, "I know Kung-Fu".

    I think it all boils down to an individual's learning style. For me, I learn best by doing. And yes, write notes, lots of notes...

    limbernie
    My write-ups of retired machines | Discord - limbernie#0386

  • How do i become Kevin Mitnick please?

    cyberus17l

  • I believe practice and experience have a lot of roles to play in this field. You can join our HTB discord noob community. You will meet noobs and pros like Ippsec who are there to give you listening ears for your questions and challenges in solving HTB boxes and becoming better. Use this invite link: https://discord.gg/6XKdrGz Happy hacking.

  • @cyberus said:

    How do i become Kevin Mitnick please?

    rofl xDD all right man, thanks for your advice,
    anyway thanks guys for your advice and thanks a lot to all the people who replied. It seems that we can't get anywhere without practicing, like everyone said. I think I am on the right path then,
    anyway thanks a lot for sharing your thoughts and experiences with me. A problem of any noob is privilege escalation: is there anything like a research or something that makes it a little bit less complicated? I mean I find it a bit hard to privilege escalate and sometimes impossible, so any help regarding that will be appreciated. I will join D2D. Thanks a lot.

  • for linux priv esc, i start that way:

    forum and security...

    https://pastebin.com/qvq5YC74

    peek

  • @baltazzar said:

    @cyberus said:

    How do i become Kevin Mitnick please?

    rofl xDD all right man, thanks for your advice,
    anyway thanks guys for your advice and thanks a lot to all the people who replied. It seems that we can't get anywhere without practicing, like everyone said. I think I am on the right path then,
    anyway thanks a lot for sharing your thoughts and experiences with me. A problem of any noob is privilege escalation: is there anything like a research or something that makes it a little bit less complicated? I mean I find it a bit hard to privilege escalate and sometimes impossible, so any help regarding that will be appreciated. I will join D2D. Thanks a lot.

    Hey bro, I kind of need your help, I am lost, just new here, please

  • @Muzec said:

    @baltazzar said:

    @cyberus said:

    How do i become Kevin Mitnick please?

    rofl xDD all right man, thanks for your advice,
    anyway thanks guys for your advice and thanks a lot to all the people who replied. It seems that we can't get anywhere without practicing, like everyone said. I think I am on the right path then,
    anyway thanks a lot for sharing your thoughts and experiences with me. A problem of any noob is privilege escalation: is there anything like a research or something that makes it a little bit less complicated? I mean I find it a bit hard to privilege escalate and sometimes impossible, so any help regarding that will be appreciated. I will join D2D. Thanks a lot.

    Hey bro, I kind of need your help, I am lost, just new here, please

    Sure thing bro

    cyberus17l

  • @Xentropy said:

    Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

    Of course, you also need solid theoretical foundations so you gotta read and study things like networking, kernels, windows internals, etc, but that should come on its own if you're curious and persistent.

    This is inspiring. I'm at the point where it takes me a week to do a medium box, 45 days on here and I've only got 5 flags. Maybe if I can keep obsessing as hard as I have been for the past month and a half I can relate to your statements even more.

  • OK, for my brothers, noobies and beginners like me: get Discord and join the community, lots of helpful people there. VIP is important, it gives you much valuable experience, and if you need help come on Discord, all the community help each other there, people are so good.

  • It's a pretty simple equation - Enjoy what you do and you will get good at it. Jump into the community and please please whatever you do, take a little but also give a little back to the community too.

    Hack The Box

    More than happy to help out and give hints - sorry if you've messaged me on forum.htb and I haven't got back, I might be more reachable via discord: CRYP70🇦🇺#8985

  • @ippsec maybe it'll be good to tag him in and see if he can give us some tips.

  • I think the most important thing is to be organized and to have a logical methodology that you follow. Otherwise you will get information overload and you'll probably waste a lot of time.

    I find a good way to learn is to follow the MITRE ATT&CK Matrix. Create a folder on your PC for each phase from initial access all the way through impact. Some phases feature a lot more than others in HTB. For example you don't really deal with persistence or lateral movement all that much. But there is enumeration and privilege escalation involved in practically all the boxes so get really good at those. Start with the basics, learn how to enumerate the most common ports, learn all the tools, read their man pages, and understand exactly what they are doing and why. Anytime you learn something new note it down and put it in the relevant folder. Honestly it can take years just to get really good at enumeration & privilege escalation alone but start with the basics.

  • edited January 15

    @baltazzar said:

    personally I am wondering if he takes requests .... I'd love to see him do a series on bin ex :D be it

    from beginner to ROPE / Player 2 root.... level

    running through all the tools, he flashes through a number in a bunch of videos of course, but .... everything gdb, ghidra, radar, pwn tools etc from beginner up would be what I would ask for probably a lot to ask for but we can dream :D

    of course it doesn't have to be @ippsec if anyone else wishes to do it I'd be just as happy to watch theirs and work through them

    To be fair that would be worth serious donations on patreon :D

    CurioCT

  • With anything, consistency provides the best results. I've met a lot of people that want to be pentesters but don't really have any type of schedule or plan to improve. This is one of those fields that require an insane amount of time to master. One of the main reasons I did the videos was to pressure myself into sticking with HackTheBox, as I'm sure many people would be disappointed if I stopped.

    My suggestion would be to spend 3 days a week trying to learn. To start out, watch a video of a machine and read some walk-throughs on Monday. Wednesday, try the machine you studied on your own. Friday, attempt a different machine or do the machine along with the video.

    Once you're going, try changing it up. Monday attempt to do the machine on your own, Wednesday (even if you completed it Monday) study the machine and take notes on what you could have done differently. Use the third day to read up on something, or try scripting a piece of the machine out to get familiar with Python. Not challenging enough? Try scripting it out in Go.

  • alright, let's do as ippsec said guys ^_^, thanks a lot everyone for your help, I think it is all about consistency then.
    Thanks everyone for your time and effort

  • edited February 7

    As a beginner HTB player, I found myself stuck on a box for many days (sometimes even an easy box). I wonder, should I skim through a lot more ippsec videos to build some common methodology, or is this a common stage all beginners should go through? The former approach makes me worry that I may miss the opportunity to develop proper intuition on problem solving, but the latter one takes too long and sometimes I lose the passion a bit....

    Any tips ?

    ps: i haven't tried any hard or insane box yet..... still hanging on easy and medium as I am very slow in finishing those ones....

  • I think to reiterate everyone else, it takes time and patience. I've worked in all facets of IT (except programming) and I think having that back end knowledge helps me understand what I'm looking at a bit, but ultimately it didn't prepare me at all to take on the challenges of these boxes.

    This skill set requires you to use new tools that you may not be 100% comfortable with or even old tools that you've only touched on their capability. I've found that learning syntax for these things has cost me more time than actually enumerating boxes.

    The single biggest take away from starting HTB and pen testing in general is always having a plan or "playbook". If you see port 80 open in nmap you do "x", if you see an odd service you do "y". There's always a necessity for deviation from the norm, but having a solid flow for enumeration is key to being successful.

  • To be like ippsec, first you have to start with nmap -sC for default scripts, -sV for enumerate versions, -oA to save all outputs.... and then you take it from there.

  • edited February 7

    @squid22 said:

    To be like ippsec, first you have to start with nmap -sC for default scripts, -sV for enumerate versions, -oA to save all outputs.... and then you take it from there.

    LOL

    This might take some time so I already run it

  • I love @ippsec videos myself. That is how I discovered HTB in the first place. Watching him rooting the boxes gave me a good understanding of how to do the process and started trying boxes. The rest is up to: reading, trying, trying harder and enjoying the ride!