Type your comment> @Center said:
I think I can safely assume you are a total beginner at this.
The main focus of HackTheBox is to offer it’s members a chance to practice/learn penetration testing by making self-made machines available which consist of particular vulnerabilities which have to be identified in order to score points.
Each machine has it’s own ranking (easy, medium, hard, insane). These rankings determine how many points you get but also how advanced your exploits and pentesting techniques have to be.
For each machine you get the IP-address of that machine. You have to employ reconnaissance techniques in order to gather information about the machine and figure out one or more attack vectors.
Once you gathered access to the machine in one way or another it should be possible to read the user.txt file which has a standard location on a machine. After gaining user rights the goal is to find further attack vectors in order to escalate privileges from the user to root/admin which is generally the highest privilege on a machine.
We would prefer the standard locations for the flags:
Windows
user.txt: C:\Users\USERNAME\Desktop\user.txt
root.txt: C:\Users\Administrator\Desktop\user.txt
*nix
user.txt: /home/USERNAME/user.txt
root.txt: /root/root.txtHope this helps.
Most (?) members use Kali Linux which comes with hundreds of tools which can help you gather information, exploit and escalate through the machines.
I would sincerely advise you to watch IPPSEC video’s on YouTube on easy boxes like Jerry, Lame, Bashed, Poison.
He explains in great detail and very clearly how to attack a machine. You can learn tons from him.Note: in order to work along IPPSEC you have to have a VIP account in order to complete the boxes mentioned before. They are retired and only accessible if you have a VIP account.
Thanks Bro I really appreciate it thanks