So it’s been a couple months now, and I’m feeling great about everything that I’ve accomplished. I started out just going after every challenge that I could find, and mostly, I was able to accomplish success.
Shortly into my journey, I realized that I would have much better success with my learning if I were to separate tasks. I have been at the learning game for my entire life, always seeking more knowledge on everything that I do; and I’ve learned a few things about how learning can be best accomplished.
For the task of learning more about hacking, it would be the easy button to go ahead and pwn each box from start to finish. Do the scans, find the foot-hold, get in, then privilege escalate based on some further enumeration. That, however, is not the right answer if you want to get the maximum amount of learning out of each task! Therefore, I separated my learning into compartments that will yield a much greater result.
For this status report, I would like to define what I’ve done to separate those tasks. First and foremost, I have signed up for as many Capture The Flag (CTF) challenges out there. Even though I wasn’t able to ‘win’ the entire challenge, I ended up winning in my own way. I was able to explore the minds of so many that came before me who create these challenges. In doing this, my mentality as a hacker grows.
Aside from the CTFs, I then limited myself to the ‘Foot-hold’ as I call it. The entry into each system that will then give me the opportunity to learn more as I do the privilege escalation later.
The TryHackMe boxes are awesome, because they lead you through both the foot-hold and the privilege escalation… but they don’t really challenge you in a way that makes you think like a hacker. I would like to think that in my case, it’s because I’m already past the novice part of learning how things work. I’ve been doing the technology thing for quite some time, and absolutely know my way around systems. When I find myself knowing exactly how to navigate based on that experience, I also find myself wanting to press on and make my brain work harder.
Knowing this, I moved on to the HackTheBox challenges. It’s been exactly what I needed. I began pwn’ing these boxes from start to finish… meaning that I was getting a foot-hold, then continuing with the priv esc part of the challenge to get the root flag. Although it was extremely gratifying to pwn a box from start to finish, I felt that time was something that I was losing. It’s not that I have a time-frame to which I am trying to learn all of this, not at all… it’s more that I want to get an entire grasp of what seems to be an infinite amount of knowledge to be gained by only concentrating on the foot-hold.. the first part of pwn’ing a box.
There are so many ways to attack a box, but quite frankly, there are only a limited amount of ways to priv esc. In knowing this, I made a decision. I wanted to go ahead and press through each and every one of the HackTheBox (HTB) challenges that were available through my subscription to see each attack vector that is used to create them.
I won’t lie, there are quite a few that have been a disappointment. I wanted to get in on my own, and gain that foot-hold myself! But that’s not the way I’m going to allow this to work. I don’t have an ego, and I won’t allow myself to think that I can just do this on my own… most of it, yes… but when I hit a wall after doing all of the enumeration that I can, I need to know that it’s okay to go ahead and get the nudge from a tutorial. You’ve probably seen that in many of my posts where I get the nudge and move on.
So for this status, I am acknowledging that my intention is to hit every HTB challenge that I can, and take note of each one that would be an awesome box to revisit for privilege escalation. At the same time, I will continue with every course that I can (Udemy is my primary source) to learn about priv esc and contemplate the massive amount of hacking that I will do when I am complete with my first personal challenge… to get a foot-hold on everything.
I acknowledge that some of these boxes may go away because of the time frame that I’ve set… it’s fine… there will be constant challenges. If I return to a box, and it no longer exists, I will move on to the next without hesitation.
It’s imposible to descibe how full my heart is in doing exactly this strategy. Throughout the day, I constently think about the techniques I used the night before, and how I can expand on that knowlege. It’s wonderful!
If you’re reading this, you may be on a time-crunch in your learning, and may be able to tackle this whole world in minimum time… but I caution you! Always remember that hackers want to know everything from start to finish. If you’re blasting your way through learning, you may miss things… many things. Take your time and learn absolutely everything that you can. Most especially, learn about the mentality of the people who came before you.
Enjoy the journey!