Help Me Anyone

How Should I learn HTB ?
Should I go for theory or practicals,
I have seen ippsecc videos and it was difficult for me to understand , but how to know in which machine which command we have to use and what we have to do and after doing where to submit?

This is my truth

Comments

  • You should go for practical, not theoretical. If ippsec's videos are a bit difficult for you, i would suggest getting VIP and following his videos on easy boxes and working your way up, if VIP is too expensive for you, try out some easy vulnhub boxes and follow write-ups on how to root them, good luck!

    PromeDNS

  • I personally started by doing the 2 boxes that are free in the retired machines section while following a writeup for 90% of the machine. Then I tried the easiest boxes and it took me 3-4 weeks to do one ~4/10 box. I also did some challenges and watched Ippsec videos.
    It will be hard and there will be a lot of head banging against the wall but eventually you will get better with time. Good luck!

  • edited January 26

    @s4ma3l But in retired machines that machines are not their which are easy for free. And Thankyou Soo much for your precious reply.

  • @z3r0shred Thankyou Bro for reply and can you tell after hacking a machine what to do after that, where to post that or report that ?

  • Look at the difficulty rating of the machine before you start, I think the easiest one now from the free machines is Nest, and in the retired is Lame.

  • @s4ma3l can you tell after hacking a machine what to do after that, where to post that or report that ?

  • @s4ma3l I am using au free server and in that Player And AI is only available for free and difficulty level is high.

  • I would recommend doing some HackTip episodes.

  • overthewire bandit for linux stuff which will come handy for privilege escalation later.
    read some pentesting books that teach the basics. once you understand the basics, you can start with simple mahines here.

  • @OddRabbit and @hansraj47 thankyou soo much for reply, I started AI machine and it was difficult for me and first thing what I have to do when I select a machine ,

    Should I go to site and check each and everypage and all ?

  • @hackempire Scanning & enumeration is the point, where everything should start.
  • start with simple machines like Tjnull's oscp list. check on google.

  • I find an easy way is to search vulnhub for machines that have walkthroughs online. Spin up the vulnerable machine in vbox or VMware and maybe change the network settings to host only. Find the write up online and try to break the box yourself at first. If you get stuck go to the walkthrough to get you to one step, and make sure you understand what is going on. Then try the next step yourself, if you get stuck, see the walkthrough... ect ect. Before long you will be able to remember a lot on your own!

    Also, after you’ve rooted a vuln machine write a paragraph on how you did it from memory. Keep doing that with more and more machines on vulnhub. Once you feel comfortable, come back to htb and apply the principles you have learned!

    chicxulub

    twitter @Chicxulubbb

  • guys need help with a challenge not on hack the box can somebody help

  • Type your comment> @z3r0shred said:

    You should go for practical, not theoretical. If ippsec's videos are a bit difficult for you, i would suggest getting VIP and following his videos on easy boxes and working your way up, if VIP is too expensive for you, try out some easy vulnhub boxes and follow write-ups on how to root them, good luck!

    further to this I would recommend when you are starting to slow the videos down by 25% in the you tube player and use the pause button a lot, making notes and more importantly trying the things he does basically playing, read the man pages for the commands he uses etc do the research yourself.... so he tends to very rapidly flash through all the googling and research he recommends and jump straight to his results. Not a criticism by any means, he is trying to make his videos stay on point and not get way too long.

    When you get to a certain point you will not need to keep doing this and will likely find your self skipping through them to find the nuggets you actually want. At that point his companion web app http://ippsec.rocks is a very handy tool.

    You might also check TheCyberMentor's channel his pentesting for noobs series tends to go through the methodology a lot more but you would need a VIP subscription here for you to actually follow along with the actual box (not absolutely necessary but possibly easier) he does cover a little more methodology than just straight solution.

    Personally I found both very useful starting out and the ippsec's better in terms of long term reference.

    Hope this helps

    CurioCT

  • edited February 15

    @s4ma3l said:
    Look at the difficulty rating of the machine before you start, I think the easiest one now from the free machines is Nest, and in the retired is Lame.

    Traverexec surely? :)

    CurioCT

  • Type your comment> @CurioCT said:

    Type your comment> @z3r0shred said:

    You should go for practical, not theoretical. If ippsec's videos are a bit difficult for you, i would suggest getting VIP and following his videos on easy boxes and working your way up, if VIP is too expensive for you, try out some easy vulnhub boxes and follow write-ups on how to root them, good luck!

    further to this I would recommend when you are starting to slow the videos down by 25% in the you tube player and use the pause button a lot, making notes and more importantly trying the things he does basically playing, read the man pages for the commands he uses etc do the research yourself.... so he tends to very rapidly flash through all the googling and research he recommends and jump straight to his results. Not a criticism by any means, he is trying to make his videos stay on point and not get way too long.

    When you get to a certain point you will not need to keep doing this and will likely find your self skipping through them to find the nuggets you actually want. At that point his companion web app http://ippsec.rocks is a very handy tool.

    You might also check TheCyberMentor's channel his pentesting for noobs series tends to go through the methodology a lot more but you would need a VIP subscription here for you to actually follow along with the actual box (not absolutely necessary but possibly easier) he does cover a little more methodology than just straight solution.

    Personally I found both very useful starting out and the ippsec's better in terms of long term reference.

    Hope this helps

    Absolutely agree with you!

    PromeDNS

Sign In to comment.