how to be like ippsec

Type your comment> @peek said:

maybe the HTB discord could make an interview…

This!

Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

Of course, you also need solid theoretical foundations so you gotta read and study things like networking, kernels, windows internals, etc, but that should come on its own if you’re curious and persistent.

Type your comment> @Xentropy said:

Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could probably compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

^^ this

it’s possible that to some limited extent some people are just inherently “better” at solving certain types of problems, but everyone can get to a point where they’re good enough that the difference is negligible.

in the beginning, it’s probably valuable to watch ippsec videos and read walkthroughs, but I’d argue the the most important things to learn are more about the process and less about the specific details.

once you have a process which will reliably help you to detect what seems strange or interesting about a box, I have generally found it to be the case that I can find the answers I’m looking for by googling. the most recent box (Jarvis) is a good example of this. I wasn’t immediately aware of how to escalate from a service account to a named user account, but I could tell nearly right away what type of problem it was and using that information I was able to figure out the solution using google. the same thing goes for the named user to root privesc. again in that case, just following standard privesc steps something stuck out right away, but it wasn’t something I’m very familiar with and it took a little googling to figure out how to take advantage of it.

the one thing i’d caution against is turning to the forum too early every time. in the beginning, if you don’t have the basics down, videos or help from the forum probably does give a sense that you’re learning a lot, but bear in mind that learning how to find the answers yourself can be an equally (or more) valuable skill in time.

in any case, if you invest the time and keep practicing, you will get better and eventually you’ll get to a point where you’re mostly having to look up little trivial things on a majority of boxes.

Many, many, many hours spent simply doing it, and doing the research that comes up along the way. It’s pretty much the path to becoming an expert at anything. Sorry that’s kind of boring.

you gotta eat sht to know sht

How did Keanu Reeves become John Wick? It’s the old adage, practice makes perfect. Work on every active machine and challenge here in HTB, and even CTFs you can get your hands on. Read write-ups and video tutorials from @ippsec. Do that long enough, you’ll be able to tell Morpheus, “I know Kung-Fu”.

I think it all boils down to an individual’s learning style. For me, I learn best by doing. And yes, write notes, lots of notes…

How do i become Kevin Mitnick please?

I believe practice and experience has a lot of roles to play in this field. You can join our HTB discord noob community. You will meet noobs and pro’s like Ippsec who are there to give you listening ears for your questions and challenges in solving HTB boxes and becoming better. use this invite link CYBER BADGERS Happy hacking.

Type your comment> @cyberus said:

How do i become Kevin Mitnick please?

rofl xDD allright man thanks for your advice,
anyway thanks guys for your advices and thanks a lot for all the people who replied , it seems that we can’t get anywhere without practicing like everyone said, i think i am on the right path then,
anyway thanks a lot for sharing your thoughts and experiences with me , and a problem of any noob is the privelege escalation,is there anything like a research or something that makes it a little bit not complicated ! i mean i find it a bit hard to privelege escalate and sometimes impossible, so any help regarding that will be appreciated, i will join D2D ,Thanks a lot .

for linux priv esc, i start that way:

forum and security…

Type your comment> @baltazzar said:

Type your comment> @cyberus said:

How do i become Kevin Mitnick please?

rofl xDD allright man thanks for your advice,
anyway thanks guys for your advices and thanks a lot for all the people who replied , it seems that we can’t get anywhere without practicing like everyone said, i think i am on the right path then,
anyway thanks a lot for sharing your thoughts and experiences with me , and a problem of any noob is the privelege escalation,is there anything like a research or something that makes it a little bit not complicated ! i mean i find it a bit hard to privelege escalate and sometimes impossible, so any help regarding that will be appreciated, i will join D2D ,Thanks a lot .

Hey bro i can of need your help am lost just new here here please

Type your comment> @Muzec said:

Type your comment> @baltazzar said:

Type your comment> @cyberus said:

How do i become Kevin Mitnick please?

rofl xDD allright man thanks for your advice,
anyway thanks guys for your advices and thanks a lot for all the people who replied , it seems that we can’t get anywhere without practicing like everyone said, i think i am on the right path then,
anyway thanks a lot for sharing your thoughts and experiences with me , and a problem of any noob is the privelege escalation,is there anything like a research or something that makes it a little bit not complicated ! i mean i find it a bit hard to privelege escalate and sometimes impossible, so any help regarding that will be appreciated, i will join D2D ,Thanks a lot .

Hey bro i can of need your help am lost just new here here please

Sure thing bro

Type your comment> @Xentropy said:

Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

Of course, you also need solid theoretical foundations so you gotta read and study things like networking, kernels, windows internals, etc, but that should come on its own if you’re curious and persistent.

This is inspiring. I’m at the point where it takes me a week to do a medium box, 45 days on here and I’ve only got 5 flags. Maybe if I can keep obsessing as hard as I have been for the past month and a half I can relate to your statements even more.

ok for my brothers , noobies and beginners like me , get Discord and join the community, lots of helpful people there,vip is important , it gives you much valuable experience, and if you need help come on discord, all the community help each other there, people are so good

It’s a pretty simple equation - Enjoy what you do and you will get good at it…Jump into the community and please please whatever you do, take a little but also give a little back to the community too.

@ippsec maybe it’ll be good tag him in and see if he can give us some tips.

@ippsec

I think the most important thing is to be organized and to have a logical methodology that you follow. Otherwise you will get information overload and you’ll probably waste a lot of time.

I find a good way to learn is to follow the mitre att&ck Matrix. Create a folder on your PC for each phase from initial access all the way through impact. Some phases feature a lot more than others in HTB. For example you don’t really deal with persistence or lateral movement all that much. But there is enumeration and privilege escalation involved in practically all the boxes so get really good at those. Start with the basics, learn how to enumerate the most common ports, learn all the tools, read their man pages, and understand exactly what they are doing and why. Anytime you learn something new note it down and put it in the relevant folder. Honestly it can take years just to get really good at enumeration & privilege escalation alone but start with the basics.

Type your comment> @baltazzar said:

@ippsec

personally I am wondering if he takes requests … I’d love to see him do a series on bin ex :smiley: be it

from beginner to ROPE / Player 2 root… level

running through all the tools, he flashes through a number in a bunch of videos of course, but … everything gdb, ghidra, radar, pwn tools etc from beginner up would be what I would ask for probably a lot to ask for but we can dream :smiley:

of course it doesn’t have to be @ippsec if anyone else wishes to do it I’d be just as happy to watch theirs and work through them

To be fair that would be worth serious donations on patreon :smiley:

With anything, consistency provides the best results. I’ve met a lot of people that want to be pentesters but don’t really have any type of schedule or plan to improve. This is one of those fields that require an insane amount of time to master. One of the main reasons I did the videos was to pressure myself into sticking with HackTheBox, as I’m sure many people would be disappointed if I stopped.

My suggestion would be to spend 3 days a week trying to learn. To start out, watch a video of a machine and read some walk-throughs on Monday. Wednesday, try the machine you studied on your own. Friday, attempt a different machine or do the machine along with the video.

Once you’re going, try changing it up. Monday attempt to do the machine on your own, Wednesday (even if you completed it monday) study the machine and take notes on what you could have done differently. Use the third day to read up on something, or try scripting a piece of the machine out to get familiar with Python. Not challenging enough? Try scripting it out in Go.

1 Like