There have already been a lot of good responses but I think this is an interesting question lots of people have struggled with, so its good to have lots of perspectives.
@Jakeishtar said:
I have been at HTB for months … perhaps I refuse to look for help longer then I should
This is entirely a judgement call. IMHO learning is learning, wherever you get it from. If you are getting frustrated maybe it would help to reach out sooner. There is no “shame” in this and it doesn’t make you a lesser person.
… but when I do get help, its often a approach or exploit that I had no idea existed…
HTB Boxes (and all CTFs) have an element of “artificiality” - largely because they have to be exploitable in a certain path (but not other paths) and are trying to be different and original compared to other boxes.
This means that, sadly, it is a lot harder to get better by practice than it would be in the real world. You can pick up some good skills (such as enumeration) but most of the time the foothold/escalations are generally unique. (Or at least haven’t been seen for a “while”).
In some respects, this is a good thing. It keeps the boxes fun and makes it challenging for all skill levels. It does, however, lead to frustration.
The frustration is normal. Don’t give up, just accept the fact that it can take a long time to get better at HTB - and, importantly, you can be awesome at your job without being great at HTB.
Eventually, you will see techniques and exploits repeat themselves, but it can take a looooooong time.
Has anyone else ever just felt they should quit and stick with general IT. This evening I spent hours on a “easy” box getting no where, just to read in the walk throughs how easy it was.
I can’t emphasise enough, don’t use the rating of a box as anything more than a super rough guide. It’s set by the box creator and is, largely, a guess based on how much custom exploitation is needed. It is better to think of them as an easy box will, on average, be easier than a medium box.
It 100% does not mean it will be easy for everyone. Even the forums can be misleading here because people love to post “Rooted, that was easy” messages. Just because it is easy for them doesn’t mean it is easy (and I’ve seen at least two occasions where the people posting that had been asking for help on the quiet).
Also keep in mind a walkthrough only shows you the correct path, it doesn’t show all the things that went wrong, the hours spent trying different wordlists etc.
Once you know how to root a box it can look easy.
Using the retired box ForwardSlash as an example, finding the domain name is super easy with wfuzz IF YOU PICK THE CORRECT WORDLIST. If you dont, it is hours and hours of trying different ones but having the confidence to know you need to a domain name.
Going back to my earlier point, the problem is made worse by the fuzzing you need here being totally different from what you need to do to find a domain name on one of the active boxes. Learning how to fuzz on ForwardSlash doesn’t help you solve other boxes
Has anyone one at any point just feel like they do not have what it takes?
Yes. All the time.
Finally, I want to emphasise something @gnothiseauton said. That feeling of frustration is the realisation there is still more to learn. Try not to see this as a negative. Not one person was born knowing this. Every single person has to go through the stages of not knowing something then learning it. Remember that even ippsec had to learn things.
Infosec (Cyber|IT|Whatever you want to call it) is an industry where you should be learning constantly. I often meet people who learned things X years ago and decided that was it. They are always underperforming. By constantly challenging yourself you are getting better, even if it feels like you are always at the bottom of a hill of knowledge.