Today I decided to hack Netmon on HackTheBox. While the machine gave me some frustration, it wasn’t because the machine was too challenging, but rather because the machine was buggy and didn’t function reliably. That being said, after wrestling with unreliable exploits and resetting the machine multiple times, I finally defeated the machine and captured its flags. As always, I created a walkthrough for the machine, so that my readers can see how I tackled the challenge.
This week I’m diving back into the PWK labs in preparation for my second attempt at the OSCP test. Since I’ll likely be disappearing for another couple months, I figured I’d leave you all with another HackTheBox walkthrough before I go. (I fully intend to make occasional posts throughout the course, but I had the same intentions last time, and we know how that turned out.) For this walkthrough, I decided to target Jerry, a fairly easy-looking Windows machine.
For this walkthrough, I decided to target FriendZone. This particular machine took me three days to complete, and I was cursing its creator the entire time. What’s worse? They retired the machine while I was sleeping, the night before I beat the machine, so I got no points for the accomplishment. Fake internet points aren’t as important as real-world experience. But it would have been nice to get the points.
My PWK lab access has ended, but I haven’t stopped preparing for the upcoming OSCP examination. I’ve been practicing on the HTB labs to sharpen my skills, and working on writing buffer overflow exploits so that I’m more comfortable with the process. I hope to write more tutorials once I’ve finished my OSCP journey, but for now I’m focusing primarily on studying. That doesn’t mean I’m going to leave you all high and dry, though.
With the start of my PWK course only three days away, I decided to try my hand at one of the newer HackTheBox machines, called Help. I chose this box for two reasons. First, it was rated as moderately easy, and had a more real-world, CVE approach instead of a brain-bending, unrealistic CTF approach. Second, I had attempted this box previously without success, and taking another stab at it would allow me to judge how much I’d learned in the previous month.