I noticed there has been a ton of enthusiasm and excitement around HackTheBox. I’ve enjoyed using it as a practical learning platform and thought I’d share a few tips and tricks.
1. Picking your OS
One of the more important aspects of getting started with HTB is setting up your pentesting box. For most people, this is likely the first time you have considered an OS outside of Windows or Ubuntu. These are the common pentesting-oriented distributions you will see in the wild:
Kali Linux - https://www.kali.org/downloads/ (Recommended for most users. Most popular pentesting OS)
ParrotOS - https://parrotlinux.org/ (Recommended for those who are more privacy minded)
BlackArch Linux - https://blackarch.org/ (Recommended for Advanced users. Arch can be difficult to maintain and set up)
There are tons of opinions out there, but I’d recommend sticking with Kali Linux. The KDE environment is much more modern and pretty, but I personally am still using XFCE.
2. Setting up your VM
Once you have settled on an OS, the next step is to choose whether you are going to run it in a hypervisor or on bare metal. If you choose to go the VM route, my absolute recommendation is going to be VMware Workstation Player.
It’s free to use for home, it supports GPU acceleration, 64-bit VMs (this used to be an issue with VirtualBox, but is no longer the case), works on both Windows and Linux, and runs my VMs fantastically. I was primarily a VirtualBox / Hyper-V user until someone convinced me to try it.
A few quick recommendations to ensure you are as relatively safe as possible…
2.1) YOU ARE CONNECTING TO ANOTHER NETWORK
This is one a lot of people don’t think about. While HTB does what they can to keep everyone secure… this is a platform for hacking techniques. Keep that in mind.
In order to provide some form of protection, make sure you keep your VM in its own network through NAT. (Advanced users who wish to utilize bridged mode are recommended to implement VLANs, separating your private equipment from your lab equipment.)
This ensures that if, for some reason, someone on HTB manages to break through the security… the rest of your network is relatively safe. It’s much harder to break out of a VM when you keep the holes plugged.
2.2) ONLY UTILIZE HOST-VM FILE SHARING IN LIMITED CAPACITIES
If you find yourself needing to move files from your host machine to your VM, you can use the built-in tools that facilitate that, whether it’s through a shared clipboard or through shared network drives. Just remember, this opens up an additional connection for someone to escape the VM.
Personally, I recommend using a private GitHub and cloud account to move code or files between your boxes.
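One way to check the settings from 2.1 and 2.2 on the host is to read the VM's .vmx file. This is an added example, not part of the original post: the function names and the sample config are made up for illustration, and the two defaults noted in the comments (a missing connectionType means bridged, the clipboard is shared unless disabled) are assumptions about Workstation's behaviour.

```bash
# Added example: audit a VMware .vmx file against the advice in 2.1 and 2.2.
# Prints one finding per line; no output means nothing was flagged.

# Print the value of KEY from FILE (.vmx lines look like: key = "value").
vmx_get() {
  awk -v want="$2" -F'=' '
    { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
    tolower(k) == tolower(want) {
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]*"|"[ \t\r]*$/, "", v); print v; exit
    }' "$1"
}

# True when KEY in FILE is set to TRUE (any letter case).
vmx_true() { [ "$(vmx_get "$1" "$2" | tr 'a-z' 'A-Z')" = "TRUE" ]; }

vmx_audit() {
  local f="$1" n type key
  for n in 0 1 2 3; do
    # 2.1: every NIC that is present should be NAT (host-only also isolates).
    if vmx_true "$f" "ethernet$n.present"; then
      type="$(vmx_get "$f" "ethernet$n.connectionType")"
      # Assumption: VMware treats a missing connectionType as bridged.
      case "${type:-bridged}" in
        nat|hostonly) ;;
        *) echo "ethernet$n: connectionType=${type:-unset}, want nat" ;;
      esac
    fi
    # 2.2: an enabled shared folder is a standing host<->VM channel.
    if vmx_true "$f" "sharedFolder$n.enabled"; then
      echo "sharedFolder$n: enabled, hostPath=$(vmx_get "$f" "sharedFolder$n.hostPath")"
    fi
  done
  # 2.2: assumption: on Workstation the clipboard is shared unless disabled.
  for key in isolation.tools.copy.disable isolation.tools.paste.disable; do
    vmx_true "$f" "$key" || echo "$key: not TRUE, shared clipboard allowed"
  done
  return 0
}

# Constructed sample config, not taken from a real VM.
sample_vmx() {
  printf '%s\n' 'displayName = "kali-htb"' \
    'ethernet0.present = "TRUE"' 'ethernet0.connectionType = "nat"' \
    'ethernet1.present = "TRUE"' 'ethernet1.connectionType = "bridged"' \
    'sharedFolder0.enabled = "TRUE"' 'sharedFolder0.hostPath = "/home/user/share"' \
    'isolation.tools.copy.disable = "TRUE"'
}
if [ $# -gt 0 ]; then vmx_audit "$1"; fi
```

On the constructed sample this flags the bridged second NIC, the enabled shared folder and the paste direction of the clipboard, and stays quiet about the NAT adapter.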
3. Hack this Box
Now, you could cheat yourself out of the experience and find a tutorial out there… as was mentioned in the meeting, they do exist. However, I encourage you all to at least give it your best attempt to see if you are ready for the challenges you are going to face.
The Hint: Strike F12
4. Simplifying the hunt
Once you get in, you’re going to want to just jump right in and get started. Before you do, I’ve got a couple suggestions. Most people are going to have differing opinions on how to go about tweaking their environment, but I recommend you explore your OS and tweak the UI to your liking. Explore the tools available in each category, and familiarize yourself with your new toy. In addition, here’s a few universally useful ideas.
4.1) Set up an alias for connecting to the HTB servers using OpenVPN. This will just shorten the time to connect.
alias htb="sudo openvpn U03A9.ovpn"
4.2) Create a directory for HTB, and directories for each box within
mkdir ~/HTB
mkdir ~/HTB/Forest
4.3) Utilize file output flags within your tools to generate a paper trail for yourself. It is much easier to go back and look over what you’ve already done if you find yourself on a box for hours.
nmap -sC -sV -oA ~/HTB/Forest/nmap_initial_scan 10.10.10.161
-sC - Run default scripts
-sV - Probe port for service and version
-oA - Output to file (normal, XML and grepable formats, using the given base name)
4.4) BACK UP YOUR PAPER TRAIL. Something I failed to do early on was tar up my machine folders and store them in my GitHub for future reference. I experienced a spinning drive failure, and that was the last of that VM. RIP.
Be absolutely certain that wherever you store your information, it is not accessible to the public. Spoiling machine details while active can lead to suspensions. Avoid outright sharing flags and don’t hold onto a flag for later, redeem it as soon as possible. See HTB announcements for additional details.
tar -czvf forest-writeup.tar.gz ~/HTB/Forest
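The backup step from 4.4 can be made repeatable and checkable. The helper below is an added example, not part of the original post: it archives one box folder with owner-only permissions, re-reads the archive to catch a corrupt write, and records a SHA-256 checksum. `HTB_ROOT`, the `backups/` folder and the function names are assumptions, and it relies on GNU `tar` and `sha256sum` as shipped with Kali.

```bash
# Added example: archive one box folder from 4.2 privately and verifiably.
# HTB_ROOT and the backups/ layout are assumptions of this sketch.
HTB_ROOT="${HTB_ROOT:-$HOME/HTB}"

# usage: htb_backup BOX   -> prints the path of the archive it wrote
htb_backup() {
  local box="$1" dest stamp archive
  [ -d "$HTB_ROOT/$box" ] || { echo "no such box folder: $box" >&2; return 1; }
  dest="$HTB_ROOT/backups"
  stamp="$(date +%Y%m%d-%H%M%S)"
  archive="$dest/$box-$stamp.tar.gz"
  (
    umask 077   # archive, checksum and backups/ readable by the owner only
    mkdir -p "$dest" &&
    # -C stores paths relative to HTB_ROOT instead of the full home path.
    tar -czf "$archive" -C "$HTB_ROOT" "$box" &&
    # Re-read the archive so a truncated or corrupt file is caught now.
    tar -tzf "$archive" >/dev/null &&
    (cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256")
  ) || { rm -f "$archive" "$archive.sha256"; return 1; }
  echo "$archive"
}

# usage: htb_verify ARCHIVE   -> succeeds only if the checksum still matches
htb_verify() {
  (cd "$(dirname "$1")" && sha256sum -c --quiet "$(basename "$1").sha256")
}
```

Copy the archive and its `.sha256` file off the VM together, and run `htb_verify` on the copy before relying on it.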
5. Picking your first victim
Now, I can only give you a subjective opinion of what I find difficult based on the current active machines (3/19/2020).
Forest - Windows Box - Easy user flag
Traverxec - Linux Box - Relatively easy user & root flag
Resolute - Windows Box - Easy user flag, slightly more difficult root flag
Obscurity - Linux Box - This box is both stupid easy and obscenely frustrating. Security through obscurity.
HTB can be quite a bit harder than your typical CTF platform. Rules regarding public hints and spoilers basically ensure there is a limited amount of information available to help you hack that specific machine. This platform is going to expect a lot of research and cunning out of you, so make sure you have your Google-Fu blackbelt.
If you are new to the world of CTF, I would recommend starting with Bandit on https://overthewire.org/wargames/ as this will help you familiarize yourself with basic enumeration techniques inside a Linux machine. In some cases, you may even have to exploit a flaw in a Linux binary in order to continue. It’s great fun.
I’d also highly recommend watching some of the tutorials by Ippsec to familiarize yourself with some of the common approaches you can use across boxes. For example, I typically run the same initial nmap scan that he does. Afterwards, I utilize some of my own customized scripts or scripts developed by the nmap community to provide me additional output. I also use them to automate multiple tools so I can run a single command and walk away.
6. Additional tools
Additionally, here are some other great references and tools I’ve used in my learning process
This post will likely continue to grow over time, and I encourage other veteran HTB players to share what tools they find helpful. And remember…
Keep calm, and Hack This Box™
Good luck out there!