SHOW ME SOME DIRECTION

Hello Everyone,
I am new here. I started this Hack The Box few weeks back. I am really excited about the world of Cyber Security but now i am feeling frustrated and depressed.

I don’t want to sounds like crying baby but at the same time. I am working behind the machine(Buff) from last 4 days, Which has easy level and still i am not able to crack it.

It has Apache httpd 2.4.43. I read a lot about this and i did all the research as well as on rapid 7 but still not able to crack it. I understand the vulnerabilities in it but what to do after that. There are a lot of option going each one by one still not able to crack it.

Please, show me some path or some idea that how to think like a hacker. Where to search or any awesome website which can help newbie like me.

Any help from your side is appreciated. I just don’t want to quit.

Thank You !!

@AATIMAHARATHI said:
Hello Everyone,
I am new here. I started this Hack The Box few weeks back. I am really excited about the world of Cyber Security but now i am feeling frustrated and depressed.

I don’t want to sounds like crying baby but at the same time. I am working behind the machine(Buff) from last 4 days, Which has easy level and still i am not able to crack it.

It has Apache httpd 2.4.43. I read a lot about this and i did all the research as well as on rapid 7 but still not able to crack it. I understand the vulnerabilities in it but what to do after that. There are a lot of option going each one by one still not able to crack it.

Please, show me some path or some idea that how to think like a hacker. Where to search or any awesome website which can help newbie like me.

Any help from your side is appreciated. I just don’t want to quit.

Thank You !!

First of all, Welcome to the Community!
HTB is one of the best places to learn, practice and engage with amazing people.
Security in general has a steep learning curve and you simply cant thing to achieve anything in short run. Persistence is everything!

Second, like any other forums if you have any doubts/need help post in appropriate thread after going through it. Do not spam any thread in any case! go through all the messages and I am sure you will find enough hints/help in most cases that you wont be required to ask again.

Third, be consistent and honest. Do not cheat/copy solutions/walk through directly just in hopes of rooting a box.Aim is to learn not increase stats.

Forth and finally, There is just so much “good” content out there for free use it. and by good I mean do not get trapped by random people claiming to be “great” or professional and demanding money for random courses and training. Follow all the major conferences like DefCon,BlackHat,Nullcon etc and find the speakers from there to follow and listen to.
On youtube Stok,DcCyberSec,HackerSploit all are good channels to start with.

Keep reading Keep learning!

P.S. go to the official Buff discussion and you will get the hints for the same!

@AATIMAHARATHI said:

Hello Everyone,
I am new here. I started this Hack The Box few weeks back. I am really excited about the world of Cyber Security

That is awesome - welcome to HTB and I hope you learn lots and (eventually) have fun.

but now i am feeling frustrated and depressed.

This happens to everyone.

I don’t want to sounds like crying baby but at the same time. I am working behind the machine(Buff) from last 4 days, Which has easy level and still i am not able to crack it.

First, to reiterated @atomman -please try to make sure you use the existing threads. Apart from anything else, the thread may already have answers to your problems.

It’s not perfect (the hints are often difficult to parse) but research is important in cybersecurity, if you cant research the existing questions it means the hints you get might not be all that useful.

Secondly - Buff is not an easy box if you don’t know how to do it. The HTB ratings are very generic. Easy normally means you don’t have to create your own exploits, not that you won’t find it challenging.

It has Apache httpd 2.4.43. I read a lot about this and i did all the research as well as on rapid 7 but still not able to crack it. I understand the vulnerabilities in it but what to do after that. There are a lot of option going each one by one still not able to crack it.

You can take the lack of success as a huge hint that exploiting httpd 2.4.43 isn’t the way to go.

Its good that you found a vulnerable service, but if you cant exploit it, you need to learn when to move on.

With Buff, you are almost certainly overthinking this. Read the information on the webpage and it tells you what you need to exploit.

Please, show me some path or some idea that how to think like a hacker. Where to search or any awesome website which can help newbie like me.

I don’t know how to think like a hacker, I am not really that sure what it means. There isn’t a website which gives the answers you need here, it is largely down to practice, experience and trying things.

Specifically for Buff - the problems you are having are mentioned several times in the thread. So the main tip I’d suggest is learn to research things.