Getting Started with HackTheBox 12-02-2018, 05:28 PM
#1
Introduction
HackTheBox (HTB) is a very well known and excellent place to hone and sharpen your skills as a hacker and reverse engineer (cracker). Like all the other tutorials by me (and my team, Square Software), this will be focused on using, installing and working in Ubuntu (a Debian based Linux).
Invite Code
To join this marvelous network of VPN's and become a great hacker and make some new friends (and enemies) you will need need an invite code. This invite code is hacked and not given (although I'm sure you can Google for it). I suggest trying to find it for yourself, otherwise, you're not really becoming a hacker. It's simple, just look around, poke, read, etc.
OpenVPN
You will need to install OpenVPN if it's not already installed.
Starting OpenVPN with Credentials
You can visit the Access page to get your credentials for signing into the HTB OpenVPN. On this page you will see two sections, the one on the right gives a description on how to initiate the connection to HTB and a file to download and use with OpenVPN. You should be able to visit this link and get your connection file (after you have logged in). Once you log in, refresh the stats box on the left of the access page and you should now see a green check next to the "Connected" setting.
![[Image: FDGk85Q.png]](https://i.imgur.com/FDGk85Q.png)
Your First Box
On the left hand side, in the menu, there is a link that says machines. Under this link you will see a list of machines that are active, retired, unreleased, etc. Click on the Active link to get a list of machines you can currently hack. If you are a beginner you will want to look for difficulties where the green is in the front, if you are more advanced, the red in the back of the graph are for you.
![[Image: avUBADT.png]](https://i.imgur.com/avUBADT.png)
Let's start with the one called Active (which may not be in the list when you are reading this), but it's in the image above. You can see that it's IP is 10.10.10.100. Just like in a real-world scenario, let's find some open ports with nmap. We already know it's a Windows machine from looking at the stats in the list. Below is my first go-to scan for finding initial ports and information about a server.
![[Image: fienjMM.png]](https://i.imgur.com/fienjMM.png)
What to Do
So what exactly are you supposed to do? You pwn the box, that's it. When you have root/admin access you will go back to HTB and click on the machine you are inside, in our case it's called Active. At the top of the graph you will see a few boxes, one says Own User and another says Own Root. Clicking on one of these will open a modal window with instructions.
![[Image: 3YXTSre.png]](https://i.imgur.com/3YXTSre.png)
HackTheBox (HTB) is a very well known and excellent place to hone and sharpen your skills as a hacker and reverse engineer (cracker). Like all the other tutorials by me (and my team, Square Software), this will be focused on using, installing and working in Ubuntu (a Debian based Linux).
Invite Code
To join this marvelous network of VPN's and become a great hacker and make some new friends (and enemies) you will need need an invite code. This invite code is hacked and not given (although I'm sure you can Google for it). I suggest trying to find it for yourself, otherwise, you're not really becoming a hacker. It's simple, just look around, poke, read, etc.
OpenVPN
You will need to install OpenVPN if it's not already installed.
Code:
(xenial)sunjester@localhost:$ sudo apt-get install openvpnStarting OpenVPN with Credentials
You can visit the Access page to get your credentials for signing into the HTB OpenVPN. On this page you will see two sections, the one on the right gives a description on how to initiate the connection to HTB and a file to download and use with OpenVPN. You should be able to visit this link and get your connection file (after you have logged in). Once you log in, refresh the stats box on the left of the access page and you should now see a green check next to the "Connected" setting.
Your First Box
On the left hand side, in the menu, there is a link that says machines. Under this link you will see a list of machines that are active, retired, unreleased, etc. Click on the Active link to get a list of machines you can currently hack. If you are a beginner you will want to look for difficulties where the green is in the front, if you are more advanced, the red in the back of the graph are for you.
Let's start with the one called Active (which may not be in the list when you are reading this), but it's in the image above. You can see that it's IP is 10.10.10.100. Just like in a real-world scenario, let's find some open ports with nmap. We already know it's a Windows machine from looking at the stats in the list. Below is my first go-to scan for finding initial ports and information about a server.
Code:
(xenial)sunjester@localhost:~$ nmap -sV -vv 10.10.10.100What to Do
So what exactly are you supposed to do? You pwn the box, that's it. When you have root/admin access you will go back to HTB and click on the machine you are inside, in our case it's called Active. At the top of the graph you will see a few boxes, one says Own User and another says Own Root. Clicking on one of these will open a modal window with instructions.
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)
![[Image: AD83g1A.png]](http://i.imgur.com/AD83g1A.png)
