HACKTHEBOX machines WITHOUT METASPLOIT use

Why is everyone using Metasploit in the solutions?
Is there anyone providing solutions for these labs using the manual method (according to OSCP rules)? I am looking for manual solutions for these machines (without Metasploit/Meterpreter):
legacy
blue
devel
optimum
■■■■■■■
granny
arctic
grandpa
silo
bounty
jerry

There is no place to learn manual methods. How am I going to clear OSCP without them?

Why are you against Metasploit? Msfconsole is my favorite program. Why? Because it is an inexhaustible well of information. (search query: “pentest “anything” metasploit”)

@ZloyObezyan said:

Why are you against Metasploit? Msfconsole is my favorite program. Why? Because it is an inexhaustible well of information. (search query: “pentest “anything” metasploit”)


Because in the OSCP exam we can use Metasploit on only one machine. I am preparing for OSCP and in the exam we cannot use Metasploit on all machines, so I am looking for manual methods. I love Metasploit but I can't understand why the OSCP guys are not providing manual methods so that we can prepare for OSCP.

Yes, I agree, this is completely incomprehensible. If you need to show the customer so that he understands, msfconsole is the best. (And it's possible to show it via “Armitage”: this is a movie and you are the author and director.)

Check IppSec's videos.

@sazouki said:

Check IppSec's videos.

Yeah, I checked his videos. He is also using Metasploit in the privilege escalation steps. Am I overthinking OSCP? Or are these videos more than enough to clear OSCP? Please help if you can.

@oscplover said:

Yeah, I checked his videos. He is also using Metasploit in the privilege escalation steps. Am I overthinking OSCP? Or are these videos more than enough to clear OSCP? Please help if you can.

That is not true. In IppSec's vid for Optimum he specifically does it without Metasploit first. Also, Metasploit just makes it so you don't have to:
A) Generate shellcode
B) Compile code

Try to find some python scripts for exploits and you should be good.

I am having issues with Optimum... I can't get the code he covers, %00{.exec|ping myip, to work or show up in my Wireshark as ICMP while monitoring tun0. If you can, please please let me know. I think the box is broken??? It could be my VMware vnet0? Unsure really. Going to try and change my networking, but I can see ICMP when I do it, so I don't know :confused:

@junglemonkey said:

I am having issues with Optimum... I can't get the code he covers, %00{.exec|ping myip, to work or show up in my Wireshark as ICMP while monitoring tun0. If you can, please please let me know. I think the box is broken??? It could be my VMware vnet0? Unsure really. Going to try and change my networking, but I can see ICMP when I do it, so I don't know :confused:


I am sorry man. I don't watch his videos. I have another solution for Optimum. If you want, I can give you hints.

I'm relatively new to the whole pentesting scene, and therefore to Metasploit too, but as far as I know / have encountered, Metasploit just makes things easier and/or quicker. You can most likely find the exploits used by msfconsole and just use them manually.

Trying to clear OSCP too and looking for a channel that doesn't use Metasploit.

Yeah. It's extremely lame that some of these boxes require msfconsole. I get it, it's cool and easy, but it doesn't really sharpen your skills past a certain point. We're here to learn (■■■■, I pay for a subscription here to learn). Why force us to use crutches? And, while I understand that HTB isn't specifically designed as a site for OSCP prep, I agree with other users that being forced into a heavily restricted tool is a major problem for me.

Also extremely salty that I banged away at one of these machines for an entire afternoon when the solution was “just use metasploit lol”. Bad bad bad.

I've only used Metasploit once so far. I really try not to use Metasploit or any scripts because I want to understand how the exploit works. My ideal way of solving a box is reading how the exploit works, reading the PoC scripts and then trying to do the exploit manually, if I can.

Ramblings from a beginner:

I've had similar thoughts too. My ultimate goal is to get OSCP. Yes, it's a bit rubbish when the solution is “Use MSF”; it's a very good tool but doesn't teach you a whole amount if you use it out of the box. It seems to me that its real power lies in using it like an expert: writing your own exploits, payloads, tools etc. While this may be no good for OSCP, a complete understanding of how the MSF framework works means you can take your script kiddie solution, which you have proven works, then use your knowledge to recreate the exploit using your own tools (like Python; wow, what a great language, where was that when I grew up with C and Pascal?).

The normal (lazy) Metasploit workflow seems to be:

  1. Identify the exploitable application
  2. Search in Metasploit
  3. Try each exploit one by one until it works

The manual workflow (I guess) would be:

  1. Identify the exploitable application and as much detail about its version etc. as possible
  2. Google for all the CVEs
  3. Weed out the CVEs that are not relevant (wrong version, not useful, not a relevant exploit type etc.) and rank the remaining ones in order of ease of exploit/usefulness
  4. Google for example code for each exploit (including Metasploit scripts)
  5. Adapt the code as necessary, just enough that you can identify whether the CVE is exploitable
  6. Once you have identified a working exploit, work on a reverse shell or whatever is appropriate, keeping it simple
  7. Document your homemade exploit, so you have it for the future (for example during the OSCP; am I right in thinking you can preload your machine with your own scripts?)

The problem is, 3, 4 and 5 might take a very long time and be very disheartening, especially if you mess up an exploit and end up disregarding an attack. However, using the Metasploit method first you can bypass these steps and still learn a fair bit. I say this, but I'm yet to go back to old boxes and do this; I plan to, though.

Metasploit, after all, is only a very simple framework around a ton of separate tools, many of which are available as scripts you can adapt into your own code.