HTB Upcoming Features

Didn't see a post about this on here and just noticed it on the HTB twitter page:
https://www.hackthebox.eu/press/a-year-in-review-2019-2020

Whilst it's titled "Year in review", it mainly focuses on upcoming features for this year.

Comments

  • Nice one - never saw that post.

    I did see Starting Point though - only after I couldn't work out what people were talking about with the questions :smile:

    Had a brief play, seems fun and useful to bring people in. Sadly it forced me to regenerate all my connection packs though :lol:

    Note: I am not going to be available much in September.

    TazWake

    Note: https://www.nohello.com/

    Happy to help people but PLEASE explain your problem in as much detail as possible! If you say vague things like "It's not working", I can't help. This isn't Twitter so my DMs are always open.

  • edited April 2020

    I had a quick look at Starting Point and was weirded out by the way they tell people to do port scans lol. Seemed way overcomplicated for a beginner tutorial, but yeah, overall it seems like a good addition to the site.

    Like wtf is this first line about:

    ports=$(nmap -p- --min-rate=1000 -T4 10.10.10.27 | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
    nmap -sC -sV -p$ports 10.10.10.27

    when you can just type the number of ports you want to scan instead

  • lol yeah - I've seen that in a few write ups as a "quicker" way - you do a super-fast full scan of all ports then focus on the ones which appear open.

    I am not a fan though. I'd rather scan them all rather than assume closed based on nmap's reading of the response.

    I tried that on a couple of boxes and the time difference is fairly minimal - obviously it depends on the box and its configuration.

    TazWake

  • They should at least explain that's what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I'd be pretty put off.

  • @VbScrub said:

    They should at least explain that's what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I'd be pretty put off.

    Yup, that's how I felt. All that didn't even work for me.

  • @Buttersauce said:

    @VbScrub said:

    They should at least explain that's what it's doing and provide a simpler alternative then. If I was a beginner and that was the very first step I see, with no explanation, I'd be pretty put off.

    Yup, that's how I felt. All that didn't even work for me.

    I've found it does generate errors sometimes, with nmap complaining that the ports specified on the second part are invalid.

    TazWake

  • edited April 2020

    this is all I run, and I've never had any errors:

    nmap 10.10.10.100 -p1-6000 -T4

    I feel like that would be a much better example, especially for a beginner tutorial. Fair enough if they want to change the port numbers, I only scan the first 6000 ports to start with and if I get stuck after that I scan the rest with "-p-6000-65535".

  • Heard, I appreciate that tip. I've seen a lot of nmap scans with switches (-sV -sC), still new so not 100% confident in which is best.

  • @Buttersauce said:

    Heard, I appreciate that tip. I've seen a lot of nmap scans with switches (-sV -sC), still new so not 100% confident in which is best.

    I don't think there is a best. It is entirely down to what you want to achieve, what you are comfortable with and what output you want.

    Use the tool in a way which works for you.

    For example, I like to get visual feedback so I almost always use -vvvvv (or more v's depending on my mood).

    I like to get a copy of the output, so again, unless I have a burning reason not to, I use -oA all_tcp

    I like to know why nmap thinks a port is open or closed, so --reason is a part of my regular use.

    If I am not in a rush, I'd use -sC -sV in the initial scan, just to save the effort of going back and rescanning the open ports. Sometimes I get lazy and use -A -p-.

    In a nutshell, it all depends on what I am trying to do with nmap. (--script vulns is occasionally useful)

    TazWake

  • also if you want to know what a parameter does that you've seen someone use, just look it up here: https://nmap.org/book/port-scanning-options.html
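
The two-step scan quoted earlier in the thread, split into named steps, as an added example that is not part of any post or of the HTB tutorial. It parses a constructed sample of nmap output instead of scanning anything, keeps only ports reported as open (the quoted `grep` keeps every port line), and refuses to build the second command when the list is empty, because an empty `-p` makes nmap read the next argument as the port list. The function names `sample_scan`, `open_ports` and `second_stage` are made up for this example.

```shell
#!/bin/sh
# Constructed sample of nmap's normal output (not taken from a real scan).
sample_scan() {
cat <<'EOF'
Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 10.10.10.27
Host is up (0.020s latency).
Not shown: 65531 closed ports
PORT     STATE    SERVICE
135/tcp  open     msrpc
445/tcp  open     microsoft-ds
1433/tcp open     ms-sql-s
8080/tcp filtered http-proxy
EOF
}

# Reads nmap normal output on stdin, prints open TCP ports as "135,445,1433".
open_ports() {
    # awk: keep rows shaped like "445/tcp open ..." and print the number
    #      in front of the slash (the quoted regex cannot be glob-expanded)
    # paste: join the numbers with commas, so no trailing comma needs stripping
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, a, "/"); print a[1] }' |
        paste -sd, -
}

# Builds the follow-up scan command: $1 = target, $2 = comma-separated ports.
# Fails instead of emitting "-p" with nothing after it.
second_stage() {
    if [ -z "$2" ]; then
        echo "no open ports parsed: check the VPN or rescan at a lower rate" >&2
        return 1
    fi
    printf 'nmap -sC -sV -p%s %s\n' "$2" "$1"
}

# Prints: nmap -sC -sV -p135,445,1433 10.10.10.27
second_stage 10.10.10.27 "$(sample_scan | open_ports)"
```

To use it on a live lab box, pipe the first-stage scan into `open_ports` in place of `sample_scan`.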
