On the quality of recent boxes...

@opt1kz said:
I would personally benefit greatly from having realistic Windows boxes released back-to-back for a while because my Windows skills are a bit lacking.

You and me both brother. As much as I despise the Windows boxes, some part of me really likes them because I always learn something from them.

@ippsec:

Thank you for following this discussion and providing your feedback. I really like what @opt1kz started with this thread, it has probably been long-awaited by some members. We need more of this honest discussion within the community about how to improve our community. I realize personalities are bound to clash, but that’s fine, that’s all part of human interaction. What I really love seeing is two people trying to improve the community with completely different viewpoints or opinions. I’m really impressed with both @opt1kz and @3mrgnc3, among others, for expressing their differing opinions and trying to work them out for the betterment of the entire community.

And then, they got babies and a happy life; there is some sort of romance in between two people here.

Even though there are some non-real-world boxes, you can learn something that will be used against real-world applications.

@Skunkfoot said:
I realize personalities are bound to clash, but that’s fine, that’s all part of human interaction. What I really love seeing is two people trying to improve the community with completely different viewpoints or opinions.

You are quite right. I know I’d like to improve my people skills. That’s for sure.

@Higgsx this is so true. If you keep track of the little tricks and techniques you learn on the boxes you think are unrealistic, you will wind up pulling them out and using them on other boxes and in real life.

I think the voting system is flawed too. One can only vote for a system after root.txt is obtained. I’ve stopped working on many boxes as soon as I realized they are CTF like, but since I did not complete them, I could not vote them down.

@radarA said:
I think the voting system is flawed too. One can only vote for a system after root.txt is obtained. I’ve stopped working on many boxes as soon as I realized they are CTF like, but since I did not complete them, I could not vote them down.

Would you really rather someone be able to vote on a box without completing it? How can I give an opinion on something I haven’t even done yet?

@Skunkfoot said:

@radarA said:
I think the voting system is flawed too. One can only vote for a system after root.txt is obtained. I’ve stopped working on many boxes as soon as I realized they are CTF like, but since I did not complete them, I could not vote them down.

Would you really rather someone be able to vote on a box without completing it? How can I give an opinion on something I haven’t even done yet?

True, but at the same time, when you spend 2hrs on a box and all you see is troll, do you really want to go all the way to root.txt, just so you can vote?

Don’t get me wrong, I think the current voting system works OK, but it can be improved by adding more details to vote on (like “realism”).

@radarA said:

@Skunkfoot said:

@radarA said:
I think the voting system is flawed too. One can only vote for a system after root.txt is obtained. I’ve stopped working on many boxes as soon as I realized they are CTF like, but since I did not complete them, I could not vote them down.

Would you really rather someone be able to vote on a box without completing it? How can I give an opinion on something I haven’t even done yet?

True, but at the same time, when you spend 2hrs on a box and all you see is troll, do you really want to go all the way to root.txt, just so you can vote?

No, I want to go all the way to root because I realize there might be beneficial learning or information after the troll part (there usually is).

I get what you’re saying though, it doesn’t hurt to take a look at that system and see if we can improve it at all. :slight_smile:

@Skunkfoot @radarA

Somewhere in between maybe?
Maybe a new voting option of “gonna pass on this” and a reason radio option set of one of these?

  • “Too CTF”
  • “Too Trollolol”
  • “Too Boring”
  • “Too Hard”

This could help guide how box makers change the boxes in the future?

What do people think of that?

Personally, I really dislike the Realism vs CTF-Like in this thread. It’s really easy to lie to yourself and say the reason you didn’t get something was due to it being CTF-Like, or the author is a troll.

Even if the problem is as stupid as you didn’t find the hidden directory! Guess what: DFIR, after you pop boxes, is a thing. In the real world, files won’t magically be where you expect them to be; create good automated ways to hunt for that type of stuff. It’s super easy to pick a time period and hunt for documents around that time. I use this technique relatively frequently on real engagements: if I see password resets, I’ll go hunt for documents modified on the password reset date to see if they have a document somewhere with passwords.

@ippsec said:
Personally, I really dislike the Realism vs CTF-Like in this thread. It’s really easy to lie to yourself and say the reason you didn’t get something was the failure was due to it being CTF-Like, or the author is a troll.

Even if the problem is as stupid as you didn’t find the hidden directory! Guess what: DFIR, after you pop boxes, is a thing. In the real world, files won’t magically be where you expect them to be; create good automated ways to hunt for that type of stuff. It’s super easy to pick a time period and hunt for documents around that time. I use this technique relatively frequently on real engagements: if I see password resets, I’ll go hunt for documents modified on the password reset date to see if they have a document somewhere with passwords.

That’s a very good point. I also see how such an option as I previously talked about could be open to abuse if people just want to vent anger/frustration at a particular box/creator too. Just because of ‘lying to themselves’ as you explained.

I mean, if there are people in the community that can complete a hard box within 24 hours, and others are shouting troll because they have been stuck on it for a week. The problem might not necessarily be with the box.

@3mrgnc3 said:

@ippsec said:
Personally, I really dislike the Realism vs CTF-Like in this thread. It’s really easy to lie to yourself and say the reason you didn’t get something was the failure was due to it being CTF-Like, or the author is a troll.

Even if the problem is as stupid as you didn’t find the hidden directory! Guess what: DFIR, after you pop boxes, is a thing. In the real world, files won’t magically be where you expect them to be; create good automated ways to hunt for that type of stuff. It’s super easy to pick a time period and hunt for documents around that time. I use this technique relatively frequently on real engagements: if I see password resets, I’ll go hunt for documents modified on the password reset date to see if they have a document somewhere with passwords.

That’s a very good point. I also see how such an option as I previously talked about could be open to abuse if people just want to vent anger/frustration at a particular box/creator too. Just because of ‘lying to themselves’ as you explained.

I mean, if the people in the community that are actually good can complete a hard box within 24 hours, and others are shouting troll because they have been stuck on it for a week. The problem isn’t necessarily with the box is it?

I absolutely agree on this point. Just because something is hard to find or hard to solve doesn’t mean it’s troll or the Box sucks. I would rather ask myself, why can’t I find the final part and what can I do to change that. Personally, I enjoy a hard Box more than an easy Box, even though I haven’t done any of the 50 pts Boxes yet, since I have to learn before I should start them. But isn’t something like this one reason most people are here? I can just speak for myself but I am here to learn and I would enjoy a Box which is insanely hard and forces me to learn more about a certain topic much more than a Box where I run through in some hours.

@ippsec said:
Personally, I really dislike the Realism vs CTF-Like in this thread. It’s really easy to lie to yourself and say the reason you didn’t get something was due to it being CTF-Like, or the author is a troll.

Thanks for being condescending and telling people that they’re lying to themselves and that their opinions are invalid. I’m going to stop thinking for myself right this second and go watch you fumble about on Jerry for fifty-two minutes instead.

@ippsec said:
Even if the problem is as stupid as you didn’t find the hidden directory! Guess what: DFIR, after you pop boxes, is a thing. In the real world, files won’t magically be where you expect them to be; create good automated ways to hunt for that type of stuff. It’s super easy to pick a time period and hunt for documents around that time. I use this technique relatively frequently on real engagements: if I see password resets, I’ll go hunt for documents modified on the password reset date to see if they have a document somewhere with passwords.

Except nothing like this ever happens on this platform. Not even close. Finding IT support tickets in text-files-renamed-to-PNG files is completely different. Or having to play the CTF game to finally reveal the hidden l33t speak directory. Tell me, how would you suggest “automating” the process of discovering 7h1s_l33t_d1r3ct70ry_7h4t_u_c4n7_s3e, since you’ve apparently already done it?

@3mrgnc3 said:
I mean, if the people in the community that are actually good can complete a hard box within 24 hours, and others are shouting troll because they have been stuck on it for a week. The problem isn’t necessarily with the box is it?

Unbelievable. You just don’t learn, do you? Unless you get bloods and pop boxes in 24h, you aren’t “actually good”? Got it. I’ll start using that as a metric for judging everyone I interact with here, starting with you.

Oh, wait, that’s right. You don’t have any bloods, either, just like all the other baddies in this thread. Hey, based on THAT, your opinion must be irrelevant too!

I kind of like this system!

:grin: :heart:

@Baikuya said:

@3mrgnc3 said:

@ippsec said:
Personally, I really dislike the Realism vs CTF-Like in this thread. It’s really easy to lie to yourself and say the reason you didn’t get something was the failure was due to it being CTF-Like, or the author is a troll.

Even if the problem is as stupid as you didn’t find the hidden directory! Guess what: DFIR, after you pop boxes, is a thing. In the real world, files won’t magically be where you expect them to be; create good automated ways to hunt for that type of stuff. It’s super easy to pick a time period and hunt for documents around that time. I use this technique relatively frequently on real engagements: if I see password resets, I’ll go hunt for documents modified on the password reset date to see if they have a document somewhere with passwords.

That’s a very good point. I also see how such an option as I previously talked about could be open to abuse if people just want to vent anger/frustration at a particular box/creator too. Just because of ‘lying to themselves’ as you explained.

I mean, if the people in the community that are actually good can complete a hard box within 24 hours, and others are shouting troll because they have been stuck on it for a week. The problem isn’t necessarily with the box is it?

I absolutely agree on this point. Just because something is hard to find or hard to solve doesn’t mean it’s troll or the Box sucks. I would rather ask myself, why can’t I find the final part and what can I do to change that. Personally, I enjoy a hard Box more than an easy Box, even though I haven’t done any of the 50 pts Boxes yet, since I have to learn before I should start them. But isn’t something like this one reason most people are here? I can just speak for myself but I am here to learn and I would enjoy a Box which is insanely hard and forces me to learn more about a certain topic much more than a Box where I run through in some hours.

I don’t know how people can apologize for their insulting behavior and one-eyed attitudes and then just come back immediately with the same ad hominems? All I am asking is for people to focus on the facts.

Bighead wasn’t technically hard at all. It’s a troll box because where the flags should be there are troll messages instead. Anyone enumerating the box exhaustively/properly would be confronted with them throughout.

You’re never going to learn anything from a box you can’t get into. Exploiting this one requires good luck. You can keep anyone out of it just by sitting on the server refreshing your browser. It is the very model of a negative learning experience. You can run the exact same exploit as first blood but if you’re on EU Free at a certain time you are going absolutely nowhere.

Nobody complained about - of recent boxes Ethereal was much harder technically, Smasher amazing, Fighter has some very lame elements. All still popular - see the facts I presented earlier. I had an exploit which was a silver bullet every time on US VIP, does not work at all on EU VIP. No I don’t have either the time or inclination to triage your ■■■■.

Meh they’ll still insist it was great, people are just salty, lazy or both. Yeah whatevs.

@opt1kz

I accept I could be wrong about what I think at any moment in time. I’m willing to listen and change my mind if the argument is convincing.

I thought we had established this could be a polite discussion.

I really don’t get why you are such an angry guy (or girl… idk).

Anyway, Merry Christmas.

I sincerely hope you find some happiness. Really I do.

@Skunkfoot said:

@snowman418 said:

@3mrgnc3 said:
FYI BigHead is not designed to be a CTF style box. I just troll those who treat it as one…

You realize this entire thread is because of you and how childish you were in your bighead thread right?

Not really, this thread is about finding a mutual consensus for what the community wants so that machine authors can focus on providing content that they know people will enjoy instead of trying to guess.

Let’s get back on topic, and let’s also take a minute to appreciate the fact that the mods are being active and considering this feedback. They’re taking time out of their day to try to listen to our constructive criticisms and create a better, more enjoyable environment for all of us. We’re lucky to have mods who care and try to push forward great content at a pretty demanding rate.

I agree.

@albertojoser

Thanks, I’m glad you liked it.

Merry Christmas to you.
:heart:

To mods and admins:

You guys are doing a great job for the task at hand.

With that said, I would take some of the good and bad from this thread.

IMO, the takeaway is possibly adding a category feature.

HTB has taught so many. Keep it up.

@opt1kz

No, I’m not that good at most things in life.
But with a bit of luck maybe I can become as magnanimous as you one day.