Is Starting Point deliberately vague?

I’ve attempted starting point several times today and been unable to complete it. I’ve been following the “tutorial” but I often get results or errors that are different than what’s in the text, so I have to find a workaround for it.

I’m not complaining, but I’d like to know if it’s done like this on purpose to make you have to think creatively? Or is it just badly written and not very well explained?

I think the short answer is “It depends.”

Some people face issues with technology versions - which is not something the people who put the starting point guides together could anticipate or account for.

Sometimes the boxes fall over - that always happens with CTFs.

So it’s probably more down to different software versions giving different results?

Well, it depends what the problem is really.

Sadly, I can’t remember the errors off the top of my head, and I’m not currently feeling much like firing up my VM to recreate them. I gave up at the python3 -m http.server 80 command as I wasn’t able to progress beyond it.

I’ll give it another try tomorrow when my mind’s a bit less mushed.

Ok - looking at the walk through, I am not convinced the xp cmdshell bit would work as it has unbalanced quotes. I’d have probably changed the first inner double quote to single quotes, and closed them before it ends.

I’m finding it’s not very well explained. Like it’s either been written to be vague on purpose so you have to work out what it really means, or it was written by someone who doesn’t have the first clue on how to write a walkthrough properly. I got through the xp cmdshell fine, but it fell over at the python3 -m http.server 80 line.

I have a background in programming and games development (but no experience of network or cyber security). I also teach a games development class to kids, and if I sat a student down at the PC and said “Okay, write me a FOR / NEXT loop” without explaining to them what a FOR / NEXT loop is, or even worse tell them that I’m not going to explain it to them so they’ll have to figure it out on their own, I’d expect them to walk out of the class and give me a terrible review to my bosses.

I’m not really complaining here, because if I have to work it out, I’ll work it out. A Google search will probably clear up most of the issues. It would, however, have been a bit nicer if it was a little more hand-holdy, or at least better explained in a step1 do this, step2 do that, manner, especially since it’s going to be many users’ first experience of this sort of thing.

I’ve heard from various YouTubers who do CTF videos of the retired boxes that HTB is looking to expand its user base, but I’m wondering how many potential new users have signed up, tried the starting point walkthrough, stumbled at the first hurdle and never returned?

@Cyb0Mancer said:

I’m finding it’s not very well explained. Like it’s either been written to be vague on purpose so you have to work out what it really means, or it was written by someone who doesn’t have the first clue on how to write a walkthrough properly.

Ok - I am not really sure about that. I’ve not looked at the Starting Point labs in any detail. They do generate a lot of questions here (largely because Impacket seems to have changed some of its libraries :smile: ), but it’s hard to tell if that is down to the labs or the people.

I dunno, I just don’t think it’s very well written as a stepping on point for new users, as it gives the impression that it’s written cryptically with errors in it on purpose in order to get the user to work out how it should work. Hacking seems to be, from what I’ve noticed of people doing the CTF walkthroughs, a series of educated guesses as to the right way to gain access. Like a puzzle that you have to solve.

Like you said above, the xp cmdshell stuff has unbalanced quotes, so it wouldn’t work anyway. Perhaps it was written this way on purpose to be more of a puzzle to get the user to figure it out, like they would if they were doing one of the other boxes? Or is it just a typo?

If it’s a puzzle, that’s fine, but they should have explained that you have to work out how to get it working in the intro. If it’s a typo, it probably means that whoever wrote the tutorial didn’t test it properly to see if it actually worked, which isn’t too great if you’re expecting newcomers who have little or no understanding of this to follow along and learn something.

Sorry if I’m giving the impression that I’m complaining about this. I’m not really, it’s just that I figured the stepping on point to get people new to this through hacking their first box would have been a bit easier to do and better explained.

I’m fairly patient and I will work it out, but there are others who will simply walk away thinking “Well, if I can’t even complete the tutorial, how can I ever get the flag from a box?” because they think the errors are down to their inability to understand rather than the fact that the tutorial is broken. Which is kind of a poor impression for a site that claims to be a place where people can learn to give, especially if they’re trying to encourage new members to join.

@Cyb0Mancer said:

Sorry if I’m giving the impression that I’m complaining about this. I’m not really, it’s just that I figured the stepping on point to get people new to this through hacking their first box would have been a bit easier to do and better explained.

I totally get that and it’s good to have honest feedback. Hopefully, HTB staff will read this and it will get picked up on.

I’ve had another go at it, and again got as far as python3 -m http.server 80 and it gives me this:

$ python3 -m http.server 80
Traceback (most recent call last):
  File "/usr/lib/python3.8/runpy.py", line 194, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/usr/lib/python3.8/http/server.py", line 1294, in <module>
    test(
  File "/usr/lib/python3.8/http/server.py", line 1249, in test
    with ServerClass(addr, HandlerClass) as httpd:
  File "/usr/lib/python3.8/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.8/http/server.py", line 1292, in server_bind
    return super().server_bind()
  File "/usr/lib/python3.8/http/server.py", line 138, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/usr/lib/python3.8/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
PermissionError: [Errno 13] Permission denied

So, I can’t do the next bit which is:

nc -lvnp 443
ufw allow from 10.10.10.27 proto tcp to any port 80,443

because it gives me: Can’t grab 0.0.0.0:443 with bind : Permission denied

And there’s nothing in the tutorial that explains, or at least hints at, how to fix this. And I’m not quite sure where to start.

Oh… And I was attempting to do this in terminal, but I was watching a video of starting point and that guy was using something called terminator. Should I be using that, or something similar to that, instead?

I think, depending on your OS, you might need to run sudo python3 -m http.server 80

And sudo ufw allow from 10.10.10.27 proto tcp to any port 80,443

The 2020 release of Kali (and I think Parrot) no longer have you in a root account by default. That makes a lot of the things you need to do for pentesting/ctfing etc really painful.

I’m using the latest Kali release.

I’ll try sudo when I’m back in my VM. I’m not 100% up to speed with Linux. I messed about with Ubuntu a few years ago, but never really used it much.

After some frustration, I decided that I was going to avoid Kali 2020 because the need to elevate privs all the time really frustrated me.

Almost everything you want to do in Linux will need elevated privs - for example, ports 80 and 443 tend to need root privs to spin up a listener. In old Kali, it wouldn’t have mattered but in new Kali you need to sudo all the time or run sudo su - which seems to defeat the purpose of ever not running as root.
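An added example, not part of the thread or of the HTB walkthrough: on Linux the PermissionError above comes from the kernel refusing bind() on a port below net.ipv4.ip_unprivileged_port_start (default 1024) unless the process holds CAP_NET_BIND_SERVICE. The sketch below predicts and then checks that outcome for ports 80, 443 and 8000; the function names and the constructed status strings in the test are assumptions made for illustration.

```python
import errno
import socket

CAP_NET_BIND_SERVICE = 10  # bit index of this capability in the Linux capability mask
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"

def unprivileged_port_start(path=SYSCTL):
    """Lowest port an unprivileged process may bind (kernel default is 1024)."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return 1024

def has_net_bind(status_text):
    """True if CapEff in /proc/<pid>/status text includes CAP_NET_BIND_SERVICE."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            return bool((mask >> CAP_NET_BIND_SERVICE) & 1)
    return False

def diagnose(port, status_text, start=1024):
    """Predict whether bind() on `port` succeeds or fails with EACCES."""
    # Port 0 means "pick an ephemeral port" and never needs privilege.
    if port == 0 or port >= start or has_net_bind(status_text):
        return "ok"
    return "needs-privilege"

def try_bind(port, host="127.0.0.1"):
    """Attempt the bind for real; return 'ok', 'needs-privilege' or 'in-use'."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((host, port))
            return "ok"
        except PermissionError:
            return "needs-privilege"
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return "in-use"
            raise

if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        status = fh.read()
    start = unprivileged_port_start()
    for port in (80, 443, 8000):
        print(port, "predicted:", diagnose(port, status, start),
              "actual:", try_bind(port))
```

Run as a normal user on a default install, ports 80 and 443 report needs-privilege while 8000 binds, which is why the same commands worked unmodified when the default account was root.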

Was there any real benefit to the change to have elevated privs, or was it simply one of those “It’s not broke, but we’ll ‘fix’ it anyway” brainwaves that software and OS developers have from time to time?

@Cyb0Mancer said:

Was there any real benefit to the change to have elevated privs, or was it simply one of those “It’s not broke, but we’ll ‘fix’ it anyway” brainwaves that software and OS developers have from time to time?

I can’t speak for Offensive Security but I think it is driven by the desire to make Kali more of a “day to day” OS. In daily use, running as root is a risk - certainly on a device you use to check emails or browse the internet.

However, IMHO, the box you use for “hacking” (for want of a better phrase) shouldn’t be your daily machine.

Yeah, I don’t know much about Linux, as over the years I’ve used Windows and MS-DOS primarily, but I surely wouldn’t choose Kali to be my everyday OS.

I’m gonna go out on a limb here and say the purpose of the starting point is to get people used to the HtB flow, not provide any beginner help. The academy is really HtB’s first attempt at providing any ‘hacking education’ type stuff. The rest, it’s kind of assumed you have a working knowledge and want a challenge.