HTB Upcoming Features

Didn't see a post about this on here and just noticed it on the HTB twitter page:
https://www.hackthebox.eu/press/a-year-in-review-2019-2020

Whilst it's titled "Year in review", it mainly focuses on upcoming features for this year

Comments

  • Nice one - never saw that post.

    I did see Starting Point though - only after I couldn't work out what people were talking about with the questions :smile:

    Had a brief play, seems fun and useful to bring people in. Sadly it forced me to regenerate all my connection packs though :lol:

    TazWake

    Happy to help people but PLEASE explain your problem in as much detail as possible!

    Also: https://www.nohello.com/

  • edited April 1

    I had a quick look at Starting Point and was weirded out by the way they tell people to do port scans lol seemed way overcomplicated for a beginner tutorial, but yeah overall it seems like a good addition to the site

    Like wtf is this first line about:

    ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
    nmap -sC -sV -p$ports 10.10.10.27

    when you can just type the number of ports you want to scan instead

  • lol yeah - I've seen that in a few write ups as a "quicker" way - you do a super-fast full scan of all ports then focus on the ones which appear open.

    I am not a fan though. I'd rather scan them all rather than assume closed based on nmap's reading of the response.

    I tried that on a couple of boxes and the time difference is fairly minimal - obviously it depends on the box and its configuration.

    TazWake


  • they should at least explain that's what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I'd be pretty put off

  • @VbScrub said:

    they should at least explain that's what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I'd be pretty put off

    Yup, that's how I felt. All that didn't even work for me.

  • @Buttersauce said:

    @VbScrub said:

    they should at least explain that's what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I'd be pretty put off

    Yup, that's how I felt. All that didn't even work for me.

    I've found it does generate errors sometimes with nmap complaining that the ports specified on the second part are invalid.

    TazWake

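
The two-step scan quoted earlier in the thread, with a check on the port list before the second step. This is an added example, not code from the thread or from the Starting Point tutorial. It assumes the first scan's normal output is available as text; the sample output and the function names are constructed for illustration. When the first scan lists no ports, `$ports` is empty and `-p$ports` becomes a bare `-p`, so nmap takes the next argument (the address) as the port specification. That is one way to end up with an invalid-ports error.

```shell
#!/bin/sh
# Added example (not from the thread or the tutorial): build the port list for
# the second scan from saved first-scan output and validate it before use.

# Constructed sample of nmap normal output for the lab address on the page.
sample_scan_output() {
    cat <<'EOF'
Nmap scan report for 10.10.10.27
Host is up (0.020s latency).
Not shown: 65531 closed ports
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
3306/tcp open     mysql
8080/tcp filtered http-proxy
EOF
}

# Reads nmap normal output on stdin; prints open TCP ports as "22,80,3306".
# Unlike `grep ^[0-9]`, lines whose state is not exactly "open" are skipped.
extract_open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" {
             sub(/\/tcp$/, "", $1); list = list sep $1; sep = ","
         }
         END { if (list != "") print list }'
}

# Succeeds only for a non-empty comma-separated list of ports in 1-65535.
valid_port_list() {
    case $1 in
        '' | *[!0-9,]* | ,* | *, | *,,*) return 1 ;;
    esac
    printf '%s\n' "$1" | tr ',' '\n' |
        awk '$1 < 1 || $1 > 65535 { bad = 1 } END { exit bad + 0 }'
}

# Prints the second-stage command for target $1 and list $2, or fails rather
# than let an empty list turn "-p$ports" into a bare "-p".
second_stage_cmd() {
    if valid_port_list "$2"; then
        printf 'nmap -sC -sV -p%s %s\n' "$2" "$1"
    else
        echo "no usable open ports for $1; skipping second scan" >&2
        return 1
    fi
}

ports=$(sample_scan_output | extract_open_ports)
second_stage_cmd 10.10.10.27 "$ports"
```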

  • edited April 1

    this is all I run, and I've never had any errors:

    nmap 10.10.10.100 -p1-6000 -T4

    I feel like that would be a much better example, especially for a beginner tutorial. Fair enough if they want to change the port numbers, I only scan the first 6000 ports to start with and if I get stuck after that I scan the rest with "-p6000-65535"

  • Heard, I appreciate that tip. I've seen a lot of nmap scans with switches (-sV -sC), still new so not 100% confident in which is best.

  • @Buttersauce said:

    Heard, I appreciate that tip. I've seen a lot of nmap scans with switches (-sV -sC), still new so not 100% confident in which is best.

    I don't think there is a best. It is entirely down to what you want to achieve, what you are comfortable with and what output you want.

    Use the tool in a way which works for you.

    For example, I like to get visual feedback so I almost always use -vvvvv (or more v's depending on my mood).

    I like to get a copy of the output, so again, unless I have a burning reason not to, I use -oA all_tcp

    I like to know why nmap thinks a port is open or closed, so --reason is a part of my regular use.

    If I am not in a rush, I'd use -sC -sV in the initial scan, just to save the effort of going back and rescanning the open ports. Sometimes I get lazy and use -A -p-.

    In a nutshell, it all depends on what I am trying to do with nmap. (--script vulns is occasionally useful)

    TazWake


  • also if you want to know what a parameter does that you've seen someone use, just look it up here: https://nmap.org/book/port-scanning-options.html
