Getting started with HackTheBox

TLDR; you need to practice what you learn to retain the knowledge. Learning by doing sets you up for success right out of the gate.

First off remember to NOT try to hack systems in real world scenarios without permission, this has consequences even if you don’t mean harm. There are training platforms that allow advancing cybersecurity skills and HackTheBox is a popular choice. Single playground to practice skills in a safe environment makes things simple for noobs. It provides a host of vulnerable machines that simulate real world scenarios and gamified CTF style boxes in a boot to root premise. The gist of it is we penetrate the machine to get a flag set at an user level, escalate privilege to gain administrator rights on the machine to finally capture the root flag.

Signup for a free HackTheBox account; say we are non-technical interested in penetration testing, and open to new job opportunities. Yes, we will get a job when we are ready as the market has predicted 15% CAGR for the next decade. Verify your email and you are presented with the tour which says to connect to HTB with OVPN connection or their cloud instance Pwnbox, suggests starting point for beginners, introduces 300+ vulnerable machines at various skill levels and mini-challenges, says you will rank up as you solve them boxes and suggests joining 100k+ hackers on their discord to which we shall politely oblige. Learning without a community isn’t fun.

We shall pawn with Pwnbox route though and setup Open VPN to connect instead. Fire up your kali Virtual Machine, it’s time to get started!

After logging with kali/kali open up HTB in Firefox, go to starting point and jump on Meow, our first box to pwn. Click on CONNECT TO HTB to slide out the connection menu, select Open VPN and download .ovpn file. We need to download the configuration file for the Starting Point lab, each lab has different one.

Now fire up the terminal, we will move the config file to our home folder and rename it to something short like spt, and connect to our HTB lab.

mv Downloads/starting_point_{yourusername}.ovpn ~/stp.ovpn
nmcli connection import type openvpn file stp.ovpn
nmcli connection up stp

Congrats! we are connected to the lab and we can see our IP in the top right status bar. But notice we have lost connection to HTB website on the left. We have lost our internet connection, this happens as the VPN connection adds some default routes which we need to disable so we can simultaneously be connected to both the internet and have access to the lab. Let’s disable the default route, stop the VPN connection and connect back again

nmcli connection edit id stp
set ipv4.never-default true
set ipv6.never-default true
save
quit
nmcli connection down stp
nmcli connection up stp

Now we can see that we are online on HTB, now you can spawn machine which shows the lab machine IP when it is initialized. Okay time to take on the tasks. You can use HINT if you get stuck and highly recommend reading the walkthrough to add depth to your learning.

Let’s start answering these tasks

1. should be pretty obvious, it is the same type of machine that kali is running as.
2. we used this earlier to start up the VPN connection
3. this is the name of VPN service we used to connect to the lab
4. the answer prompt has *** try the first 3 letters
5. use hint for clue
6. use clue again, you should have paid attention to Introducing Kali Linux earlier
7. we mentioned this earlier in the premise of CTF boot to ____
8. login to the machine with service discovered at Task 7 using Task 8 user use — help to check how login with as a given user ls to list files and cat {filename} to read the flag

If stuck look at this screenshot for all them clues, consider it a New Year’s Day Gift

Submit the flag and you will be greeted with this screen

Congratulations! give yourself a pat on the back and dance on to the next box. Remember to pace yourself well and reflect back every step of the way. Go slow to prevent burnouts and remember to blog to teach what you learn.

CONCLUSION

We took the first steps in learning penetration testing. Keeping ourselves safe with Kali Linux running in VMware and connected to HTB using OpenVPN. Now it’s up to you on how you want to take this journey forward.