Yet more HackTheBox writeups...? Yes... and no.
SO many HTB writeups already exist... why another?
I have read many writeups, and they all walk you through what is required to get the flag. Sometimes, some of them will go down a couple of the false rabbit holes they checked out. The one thing they all have in common is that they all make me wonder "How / Where / Why". How did you figure out that command was the next one to run? Where did you see/get the idea to go that direction? Why did you do this unexpected thing?
I'm going to try to accomplish a few things... First, I want to get into those details... not just what commands were the correct ones to solve the puzzle, but to get into HOW I figured out those commands were the next to run, including the false rabbit-holes I go down (well, most anyways, the ones that are explainable anyways). I also want to get into the InfoSec realm for work, and this is a fabulous way to "display" my talents on not just the Penetration Testing aspect, but also to write up some reports that would be suitable for some C-Level execs. Though I have previously created some reports for C-Execs, they've never been for any kind of Pen Test like these, and I've never seen any either, so if you have any feedback to provide, feel free to let me know!
Over the past few weeks, I have personally witnessed a great divide in the InfoSec community on the topic of tools like Nessus and Metasploit. I am (very slowly) working through some Udemy training that covers the install and use of Nessus as part of basic recon. Mere days later, as part of a technical interview for a Pen Test-type job, we did a shoulder-surf HackTheBox session, in which I was berated for even SUGGESTING the use of Nessus, for any reason (basic recon or no). Metasploit is another good one... Offensive Security's OSCP Certification exam explicitly forbids the use of Metasploit. But I also recently underwent a crazy 72-hour hacking challenge as part of yet another technical interview, and Metasploit was a godsend for that challenge. When I first started to work on these boxes, I took the OffSec OSCP path, and strictly forbade myself from using those banned tools, but when it came time for the hacking challenge, I was left learning Metasploit on-the-fly just to make my life a bit easier.
In the end, there are pros and cons to each approach. So I am going to try and strike a bit of a middle ground between them. The boxes on TJnull's OSCP-Like list will be tackled in a strictly OSCP-friendly manner, if for no other reason than to just prepare for it. But the REST of the boxes are going to get Nessus, Metasploit, and the like unleashed upon them, giving me some practice there too. I *THINK* this might be the best option to get exposure to both sides of that coin, but we'll see.
My free HTB 1-month VIP subscription has expired, so I won't be able to go through some of the retired boxes like I had been until now.
I also spent 3+ days on Optimum alone, and though I got the user flag the first day, I couldn't ever get the root flag. Someday, I'll get another 1-month subscription, and I hope to re-tackle it then, but the REAL thing I learned here was that maybe hacking a box AND reporting on it, all within a single day, may be a bit more aggressive than is reasonably achievable. Maybe if I were already doing this day-to-day, but I find myself spending (wasting) *SO* much time chasing red herrings that I just can't possibly accomplish user and root flags for a box in a single day. I would need to already know what I am doing, rather than learning and figuring it out as I go.
I still fully hope and expect to continue doing these writeups, but perhaps at a lower pace. And I will need to focus on just the active boxes (and release the writeups once they retire) for now.