Question for first 100 on HTB and others

Recently I saw some newly accounts on HTB, say 50-100 days old.
It has for last 2 weeks, 2 Insane boxes 3 hard ones and couple of easy ones done.
Not to mention time, between posting user and root flag and flags between boxes.
For me, I wouldn’t sleep those 2 weeks if I even could do Insane boxes in that time, but even hard ones and easy ones in such short notice, maybe looks impossible from where I look at.

So, my question is, is it possible?
And, if not, is there someone selling write-ups of active machines?

Thanks

@solid5n4k3 said:

Recently I saw some newly accounts on HTB, say 50-100 days old.
It has for last 2 weeks, 2 Insane boxes 3 hard ones and couple of easy ones done.
Not to mention time, between posting user and root flag and flags between boxes.

Dont read too much into this. Some people I know wait until they have rooted a box to submit the user flag. It doesn’t make sense to me, but everyone is different.

For me, I wouldn’t sleep those 2 weeks if I even could do Insane boxes in that time, but even hard ones and easy ones in such short notice, maybe looks impossible from where I look at.

So, my question is, is it possible?

All things are possible. Most boxes can be done in under 5 hours if you really go for it.

Largely it boils down to how well you know the technology, how fast your workflow is and sometimes luck. One box per day is certainly achievable. I managed Time and Jewel on the same day (largely because there were bits I’d seen lots of times on CTFs, so it became a predictable path).

When I’ve had the capacity to dedicate to HTB, I was able to root six boxes in five days.

However, while it is possible, it isn’t common.

Don’t forget though, the only way to become Omniscient is to be able to drop boxes faster than 1 per week because there has to be a point in time where you’ve rooted every box and every challenge. If this wasn’t possible, no one would be Omniscient.

And, if not, is there someone selling write-ups of active machines?

Yes. It is a common problem. Before that, people sold the flags - which is why HTB moved to dynamic flags.

We can talk all day about this. I don’t understand why someone would pay for internet points, but it is clear that people do. As long as people are willing to pay for it, people will sell it.

Thanks TazWake for amply explanation for this topic and as always I agree with you.
But, there is always but.

When I started HTB, I needed time to get familiar with HTB methodology, what is needed from machine etc, you know what I want to tell you.

Maybe I am slow in learning or something else, but when I see that someone in two weeks do what I mentioned in first post, seems impossible for me.
While for example 2 insane and 3 hard boxes which are active now, and done by users in short period of time, have totally different approaches and technologies, for one to know all of that, he/she has to have such broad experience, knowledge or just better search engine than I am :).

And totally doesn’t make sense to have fake points on platform like this, since we are here to learn not to compete.
Life and world is full of competition so some award and who has more points has to exist.

@solid5n4k3 said:

When I started HTB, I needed time to get familiar with HTB methodology, what is needed from machine etc, you know what I want to tell you.

Totally agree. There is a genuine learning curve. My first year here I was lucky to get one box every two weeks. Practice makes perfect.

However - my caveat (and I am only playing Devils Advocate really) is that people have different starting points. If someone has spent a long time on THM and VulnHub, they will hit the ground running a lot faster than someone who has never used nmap before.

Maybe I am slow in learning or something else, but when I see that someone in two weeks do what I mentioned in first post, seems impossible for me.

Don’t get me wrong, it is very suspicious. They are either experienced and would be doing well on other platforms, or they’ve acquired walkthroughs.

While for example 2 insane and 3 hard boxes which are active now, and done by users in short period of time, have totally different approaches and technologies, for one to know all of that, he/she has to have such broad experience, knowledge or just better search engine than I am :).

lol. I agree with the underlying point you are making here but I would also suggest a general caution of comparing yourself with others.

I’ll use myself as an example - Laboratory. The person who got root blood is currently ranked Pro Hacker in the 600s here, I am in and out of the 100s. They got root in 2 hours. It took me about 8 to get user and then about an hour to root it. The person who got user blood did it in under 2 hours but they are also in the 600s. They are clearly MUCH better at some things than I am, I just have persistence and spare time on my side.

The point is that everyone has different capabilities. Its a bit misleading to think “I’d have struggled with that, so other people should.”

Saying all that, I agree with you, it is unusual and suspicious :smiley:

And totally doesn’t make sense to have fake points on platform like this, since we are here to learn not to compete.

I agree ten million percent here. Its a shame that some organisations appear to be turning this into a way to select new hires because that is always going to drive “cheating.” It is the same with certifications - the rampant cheating on OSCP led to them using video monitoring for example.

Life and world is full of competition so some award and who has more points has to exist.

Humans seem to be fascinated with badges.

Agree totally on every point.
I don’t like to compare with others, but also maybe I underestimate myself, which leads to how he done it.

Hope someone else would give some comments on subject :).