how to be like ippsec

How do i become Kevin Mitnick please?

I believe practice and experience has a lot of roles to play in this field. You can join our HTB discord noob community. You will meet noobs and pro’s like Ippsec who are there to give you listening ears for your questions and challenges in solving HTB boxes and becoming better. use this invite link CYBER BADGERS Happy hacking.

Type your comment> @cyberus said:

How do i become Kevin Mitnick please?

rofl xDD allright man thanks for your advice,
anyway thanks guys for your advices and thanks a lot for all the people who replied , it seems that we can’t get anywhere without practicing like everyone said, i think i am on the right path then,
anyway thanks a lot for sharing your thoughts and experiences with me , and a problem of any noob is the privelege escalation,is there anything like a research or something that makes it a little bit not complicated ! i mean i find it a bit hard to privelege escalate and sometimes impossible, so any help regarding that will be appreciated, i will join D2D ,Thanks a lot .

for linux priv esc, i start that way:

forum and security…

Type your comment> @baltazzar said:

Type your comment> @cyberus said:

How do i become Kevin Mitnick please?

rofl xDD allright man thanks for your advice,
anyway thanks guys for your advices and thanks a lot for all the people who replied , it seems that we can’t get anywhere without practicing like everyone said, i think i am on the right path then,
anyway thanks a lot for sharing your thoughts and experiences with me , and a problem of any noob is the privelege escalation,is there anything like a research or something that makes it a little bit not complicated ! i mean i find it a bit hard to privelege escalate and sometimes impossible, so any help regarding that will be appreciated, i will join D2D ,Thanks a lot .

Hey bro i can of need your help am lost just new here here please

Type your comment> @Muzec said:

Type your comment> @baltazzar said:

Type your comment> @cyberus said:

How do i become Kevin Mitnick please?

rofl xDD allright man thanks for your advice,
anyway thanks guys for your advices and thanks a lot for all the people who replied , it seems that we can’t get anywhere without practicing like everyone said, i think i am on the right path then,
anyway thanks a lot for sharing your thoughts and experiences with me , and a problem of any noob is the privelege escalation,is there anything like a research or something that makes it a little bit not complicated ! i mean i find it a bit hard to privelege escalate and sometimes impossible, so any help regarding that will be appreciated, i will join D2D ,Thanks a lot .

Hey bro i can of need your help am lost just new here here please

Sure thing bro

Type your comment> @Xentropy said:

Idk, it just all seems like it comes down to practice for me. The more boxes I do the easier the harder ones get. When I started on this place over a year ago it took me almost a week to do a medium box, now I could compete for first-bloods on them if I cared to stay up during the weekend nights to work on them.

Of course, you also need solid theoretical foundations so you gotta read and study things like networking, kernels, windows internals, etc, but that should come on its own if you’re curious and persistent.

This is inspiring. I’m at the point where it takes me a week to do a medium box, 45 days on here and I’ve only got 5 flags. Maybe if I can keep obsessing as hard as I have been for the past month and a half I can relate to your statements even more.

ok for my brothers , noobies and beginners like me , get Discord and join the community, lots of helpful people there,vip is important , it gives you much valuable experience, and if you need help come on discord, all the community help each other there, people are so good

It’s a pretty simple equation - Enjoy what you do and you will get good at it…Jump into the community and please please whatever you do, take a little but also give a little back to the community too.

@ippsec maybe it’ll be good tag him in and see if he can give us some tips.

@ippsec

I think the most important thing is to be organized and to have a logical methodology that you follow. Otherwise you will get information overload and you’ll probably waste a lot of time.

I find a good way to learn is to follow the mitre att&ck Matrix. Create a folder on your PC for each phase from initial access all the way through impact. Some phases feature a lot more than others in HTB. For example you don’t really deal with persistence or lateral movement all that much. But there is enumeration and privilege escalation involved in practically all the boxes so get really good at those. Start with the basics, learn how to enumerate the most common ports, learn all the tools, read their man pages, and understand exactly what they are doing and why. Anytime you learn something new note it down and put it in the relevant folder. Honestly it can take years just to get really good at enumeration & privilege escalation alone but start with the basics.

Type your comment> @baltazzar said:

@ippsec

personally I am wondering if he takes requests … I’d love to see him do a series on bin ex :smiley: be it

from beginner to ROPE / Player 2 root… level

running through all the tools, he flashes through a number in a bunch of videos of course, but … everything gdb, ghidra, radar, pwn tools etc from beginner up would be what I would ask for probably a lot to ask for but we can dream :smiley:

of course it doesn’t have to be @ippsec if anyone else wishes to do it I’d be just as happy to watch theirs and work through them

To be fair that would be worth serious donations on patreon :smiley:

With anything, consistency provides the best results. I’ve met a lot of people that want to be pentesters but don’t really have any type of schedule or plan to improve. This is one of those fields that require an insane amount of time to master. One of the main reasons I did the videos was to pressure myself into sticking with HackTheBox, as I’m sure many people would be disappointed if I stopped.

My suggestion would be to spend 3 days a week trying to learn. To start out, watch a video of a machine and read some walk-throughs on Monday. Wednesday, try the machine you studied on your own. Friday, attempt a different machine or do the machine along with the video.

Once you’re going, try changing it up. Monday attempt to do the machine on your own, Wednesday (even if you completed it monday) study the machine and take notes on what you could have done differently. Use the third day to read up on something, or try scripting a piece of the machine out to get familiar with Python. Not challenging enough? Try scripting it out in Go.

1 Like

alright,let’s do as ippsec said guys :slight_smile: , thanks a lot everyone for your help, i think it is all about consistency then,
Thanks everyone for your time and effort

As a beginner of htb player , i found myself stuck on a box for many days (sometime even easy box). I wonder should I skim through alot more ippsec video to build some common methodology or this is a common stage all beginner should go through? The former approach make me worry that I may miss the opportunity to develop proper intuition on problem solving but the later one take too long and sometime i lost the passion abit…

Any tips ?

ps: i haven’t tried any hard or insane box yet… still hanging on easy and medium as I am very slow in finishing those ones…

I think to reiterate everyone else, it takes time and patience. I’ve work in all facets of IT (except programming) and I think having that back end knowledge helps me understand what I’m looking at a bit, but ultimately it didn’t prepare me at all to take on the challenges of these boxes.

This skill set requires you to use new tools that you may not be 100% comfortable with or even old tools that you’ve only touched on their capability. I’ve found that learning syntax for these things has cost me more time than actually enumerating boxes.

The single biggest take away from starting HTB and pen testing in general is always having a plan or “playbook”. If you see port 80 open in nmap you do “x”, if you see an odd service you do “y”. There’s always a necessity for deviation from the norm, but having a solid flow for enumeration is key to being successful.

To be like ippsec, first you have to start with nmap -sC for default scripts, -sV for enumerate versions, -oA to save all outputs… and then you take it from there.

Type your comment> @squid22 said:

To be like ippsec, first you have to start with nmap -sC for default scripts, -sV for enumerate versions, -oA to save all outputs… and then you take it from there.

LOL

This might take some time so I already run it

I love @ippsec videos myself. That is how I discovered HTB in the first place. Watching him rooting the boxes gave me a good understanding of how to do the proces and started trying boxes. The rest is up to: reading, trying, trying harder and enjoying the ride!