Just the tip with pentesting

Early forays into pentesting, saved here for posterity. Unfortunately, it didn't work out. It was me, it wasn't pentesting. Okays, enough dirty puns.

Walkthrough Layout

In the past few months of hacking on platforms such as TryHackMe and Hack the Box, I faced a few recurrent issues:

  • not knowing about the existence of a tool or technique which is required for the room

  • being unsure if the path I was on was the right one or a rabbit hole

  • wishing alternative methods of initial exploitation and privilege escalation were shown

While there are plenty of walkthroughs for almost any room, I wanted to learn about the necessary tools/techniques before attempting the room, instead of reading halfway and quickly backing out to avoid spoilers. I also wanted a quick affirmation if I was indeed headed down the right path with minimal spoilers.

The result is the structure which I apply to all my walkthroughs, and I hope it helps folks like myself have a smoother learning curve.

  • Tools For This Room a list of all the tools needed with a brief explanation, along with where to download them, and any other special requirements such as compiling

  • TL;DR / Executive Summary markers to ensure you're on the right path

  • Scanning & Enumeration the discovery phase to learn as much as possible about the target

  • Gaining Foothold how to get the initial access (shell, login creds, etc)

  • Privilege Escalation rooting the system

  • Alternative Methods I try to include interesting exploits/privesc methods from other walkthroughs, with links to those included

Please do note that we will cycle through enumeration and exploitation throughout the process, and the phases above (Scan, Foothold, PrivEsc) are meant to serve as rough markers for readers who would like to get straight to a certain section.

Lastly..

Although most folks are aware of this, I'd like to reiterate that while these walkthroughs appear smooth, with the right vulnerability being found at almost every turn, my attempts at the box are far from such, and failed attempts were omitted for the sake of brevity. I too went down many rabbit holes, or spent hours combing through the process due to fat-fingering a typo. In short, please use this as a guide, and don't give up!

Actual footage of me hacking
PreviousLog ParserNextHTB - Devel

Last updated

Was this helpful?