How to Win at “Hack The Box”

Robert Shala
Sentry Cybersecurity
Jun 24, 2019

In this article, I’ll try to share a few tips that some of the Sentry staff and Cyber Academy students have for being good at Hack The Box. If you haven’t had the chance, you can read more about our experience and success in another Medium article we’ve posted.

When the shell just won’t pop.

If you’re reading this article, you may have already signed up for Hack The Box and owned a box or two; however, you might find yourself struggling with some of the challenges. I’ve also been there — not being able to pop a shell for a while can be a mood killer. But fret not! The list below should help you on your journey of climbing the ranks in HTB, as well as give you a general guideline for becoming better at Penetration Testing, period.

  • Train web application penetration testing.

I can’t stress how important this is! Nowadays, most Penetration Testing or Bug Bounty engagements are dedicated to web applications. Learning about web stacks is an absolute must if you’re gonna be going against well-built applications in both CTFs and real life. This does not mean just spinning up a video or two, but rather doing some setup in a small lab and toying with the stack. Just going through new tech stacks can be exhausting (there’s a platform for everything now!). This is a long journey and should be paced well so that you don’t get overwhelmed by the size of the modern tech stack.

In addition to learning more about tech stacks, I highly recommend checking out the consolidated list of training environments over at OWASP for an extensive selection. Otherwise, you can follow our suggestions and start with Mutillidae II, which has a large number of categorized and sorted challenges specifically built for training. We also recommend DVWA and WebGoat for a more educational experience.

Juice Shop Architecture — Fun, Fun, Fun, Fun!

Afterwards, head on over and jump on OWASP Juice Shop and other similar challenges that require you to practice and skill up your information gathering skills. It has a nice and modern stack, so make sure you pound it as much as you can. If you’re not bored yet and still have motivation to keep going, we highly recommend doing a couple of challenges at Vulnhub for fun.

  • Set up / join a professional and diverse team.

There is a lot of content and challenges to go through. You may be able to do it alone, but most of the fun is doing things together with friends and other professionals. From a competitive standpoint, it’s very difficult to have all the answers for all the boxes without running into a lot of frustration, making for a very bitter experience. The benefits of having a good team are numerous. You can all take different vectors of attack, supplement each other’s knowledge gaps, learn much faster, as well as create long-lasting friendships.

If you want to join a team but can’t find someone to roll with, don’t hesitate to message me on LinkedIn. I’d love to try and introduce you to some cool people in the industry.

  • Read all the whitepapers and reports.

All archived HTB Challenges have public whitepapers which can be read online. There are a number of resources I recommend for write-ups:

Official HTB Forums — The community forums are full of write-ups, each detailing different techniques for different boxes. You don’t even need to sign up to view them :).

Unofficial HTB Writeups — This is a GitHub repository that contains all of the possible write-ups; however, they may only be accessed upon completion of the challenges, as they require the box flag in order to access the encrypted PDFs. Maybe there is another way? ;)

CTF Time — An absolutely massive list of online write-ups for all of the major challenges across the world. This is an absolutely fantastic resource for learning more on Pentesting in general.

Reading about other people’s experience with challenges can help diversify your techniques and way of thinking, as well as teach you new concepts that you may not have been exposed to before. In general, good write-ups will give you practical knowledge which you can easily capitalize on in the real world.

When I first went into the Penetration Testing profession, I was given all of the technical reports ever done by my former teammates which amounted to hundreds. Studying their work skyrocketed my understanding of info-sec theory and made me appreciate their craft even more. I had gotten significantly better on a technical level after a few months of intense reading.

  • Make friends. Ask questions.

This is also a very important factor! HTB is a community of individuals all competing but also helping one another. Do not be afraid to ask questions in the forums, open threads, and communicate with others. If you’re stuck somewhere, don’t be afraid to DM some of the people that have completed the challenge. If anything, they might tell you if you’re missing the mark completely or if you’re on the right track.

Try and join instant communication channels such as those on Discord or Telegram. You can make a lot of friends which can open up new opportunities in the real world as well.

There have been numerous occasions when a tip from someone in the community helped us get out of a sticky situation with a challenge and vice-versa. I know we had some serious assistance with one of the boxes at one point — it was just something we did not have very much experience with. Ask and be humble when others ask for help.

  • Boxes are usually simpler than you think.

There isn’t much to say here except for the fact that a lot of the time you might be overthinking the solution. Don’t skip steps and test out everything. You’d be surprised how many times you’ll be slapping yourself because of not going through checks step-by-step. Don’t assume that the obvious won’t work! I’d love to give you one wonderful example of this case but I won’t spoil any of the fun.

  • Information Gathering and Automation

This article is getting a little too long and off topic. Stay tuned for a more technical article to help with Hack The Box challenges! In the meantime, head over to the Cyber Academy website and check out if there are any learning programs near you as well as read our previous Medium article on HTB.

When the shell pops.
