Discovering Hack The Box
Hack the Box was a site I knew about at some point in the past, but at the time it was an invite-only beta or something of the sort. A friend brought it back to my attention recently. I had a couple of days off of work and I figured I’ll give it a try. I’m glad I did.
The big thing HTB gave me is a structure for learning more hacking. I’ve been trying to push myself to do more cybersecurity forever. I took some online courses, the security+ exam, even fooled around with my network… that just it: “fooling around” is all I could do. HTB gives me a goal, a direction, and walkthroughs for when I got stuck to learn from.
Speaking of walkthroughs, that’s the other thing HTB is great for. It’s like going to school, just better. You know what you’re supposed to do, but you only have limited knowledge to get there. So you open up the walkthrough and you see what you should have done. HTB’s machines are popular enough at this point that someone somewhere came up with a solution. I’ve probably spent 5 minutes reading up the next step after I was stuck, and then 55 minutes learning what tools were used, how, and why. Here’s a general list of what I’ve learned this last weekend:
- nmap: methods, options, and built-in scripts1.
- Metasploit: refresh on loading modules, setting these up, and launching.
- how to search certain vulnerabilities (CVEs) and find them in Metaspolit
- IP/Domain/DNS refresher and the hosts file.
- bonus: KVM on Linux, installing and optimizing2.
Why learn to hack? Because you got to assume someone will always try to hack you. On my online privacy journey, this is just one more area I should be familiar with so I know how to keep my data secure. It teaches you many important things in little time: networks. Security. Virtualization. And it’s just fun.
One thing I didn’t know about Nmap is that it comes with a built-in vulnerability scanner, available as one of it’s many other options. Turns out it’s quite effective at hinting at what I should go for next. ↩︎
The simplest way to have all the tools you need to play HTB is to have a Kali Linux install ready. Since I’m on Linux, the easiest thing for me was to prep a KVM. Some aspects of the KVM are not as obvious as they would be on vmware or virtuabox though. For example, copy-paste from the host to the guest and vice versa is not working and there’s no obvious way to start it, so I had to do some research. Screen resolution (so the KVM Windows is a bit bigger than the default) is also something that doesn’t work right on all KVMs. Folder sharing between the host and the guest is yet another thing I got used to in VMware, but does not work in KVM. I managed to solve all of these issues, but it takes some time to find the different work-arounds. ↩︎