It’s been a while since I joined https://www.hackthebox.eu/. Probably more than a year. And I haven’t really had the time to spend trying to break into the machines, because of my university studies, but now summer is coming, so I will be able to dedicate more resources to it.
In case you don’t know the website, it’s a collection of vulnerable virtual machines that are designed to be hacked. It’s kind of a CTF (Capture The Flag) competition. Actually, even joining the website is a CTF challenge (sorry, I’m not giving away hints).
In about 30 minutes, I managed my first user own, with the Poison machine by Charix. To be completely honest, it was disappointingly easy. Disappointing in an unrealistic manner, as in: No real system administrator would set up his username account like that. So easy, in fact, I was able to obtain a shell in very little time.
In any case, I’m now stuck on the second step: Obtaining root privileges.
Most machines are set up like that: You need to gain user privileges, and then root privileges. You prove this by providing what’s called a “flag”. This flag is a secret string that you’re able to read only after you have reached the required privilege level.
I intend to dedicate at least one hour daily to learning security tools and breaking into HackTheBox machines (preferably, much, much more, especially during the summer).
You can follow me, and message me. I love challenges!