With the start of my PWK course only three days away, I decided to try my hand at one of the newer HackTheBox machines, called Help. I chose this box for two reasons. First, it was rated as moderately easy, and had a more real-world, CVE approach instead of a brain-bending, unrealistic CTF approach. Second, I had attempted this box previously without success, and taking another stab at it would allow me to judge how much I'd learned in the previous month.
My Penetration Testing With Kali course begins in only a few days, and I'm both nervous and excited. Starting a new career, especially one as technical and complex as Information Security, can be very challenging and stressful. But I hope to mitigate that stress by being as prepared as I can be. One way to prepare myself is to gain as much hands-on experience as possible. This is the whole point of sites like HackTheBox: to gain hands-on experience that (in many ways) simulates real-world scenarios.
(This is a continuation from Part 1 of the walkthrough.) And we're back! In my last walkthrough, I gained access to the user account of Orestis and nabbed the user.txt flag for the Brainfuck system on HackTheBox. After a much-needed break, I returned to the system to see if I could gain access to the root account and nab the root.txt flag. All in all, this was quite a challenging system to defeat, but I got it in the end!
A few days ago, HackTheBox updated the list of available retired boxes, deactivating some while reactivating others. One of the boxes they reactivated happened to be the second box in my list of OSCP-Like Linux systems, affectionately named “Brainfuck.” With such a moniker, I assumed this machine would be quite challenging, and based on the reviews by other users who had completed the challenge, it seemed my predictions were correct:
Two posts in one day? That's right! I've been up all night playing with HackTheBox, and I'm here to present my second write-up. As with my last write-up, I'm working my way through the OSCP-Like HTB machines. This time, I chose to try my hand at the system called “Beep.” I wanted to go in order, but many of the boxes weren't online. “Beep” was the first live machine I found as I went down the list.