My Penetration Testing With Kali course begins in only a few days, and I'm both nervous and excited. Starting a new career, especially one as technical and complex as Information Security, can be very challenging and stressful. But I hope to mitigate that stress by being as prepared as I can be. One way to prepare myself is to gain as much hands-on experience as possible. This is the whole point of sites like HackTheBox: to gain hands-on experience that (in many ways) simulates real-world scenarios.
(This is a continuation from Part 1 of the walkthrough.) And we're back! In my last walk-through, I gained access to the user account of Orestis and nabbed the user.txt flag for the Brainfuck system on HackTheBox. After a much-needed break, I returned to the system to see if I could gain access to the root account and nab the root.txt flag. All in all, this was quite a challenging system to defeat, but I got it in the end!
A few days ago, HackTheBox updated the list of available retired boxes, deactivating some while re-activating others. One of the boxes they reactivated happened to be the second box in my list of OSCP-Like Linux systems, affectionately named “Brainfuck.” With such a monicker, I assumed this machine would be quite challenging, and based on the reviews by other users who had completed the challenge, it seemed my predictions were correct:
Two posts in one day? That's right! I've been up all night playing with HackTheBox, and I'm here to present my second write-up. As with my last write-up, I'm working my way through the OSCP-Like HTB machines. This time, I chose to try my hand at the system called “Beep.” I wanted to go in order, but many of the boxes weren't online. “Beep” was the first live machine I found as I went down the list.
Greetings friends! I was advised by some of my fellow OSCP aspirants to check out some of the retired HackTheBox machines in preparation for starting my PWK course. So I went ahead and coughed up the dough to buy a HTB VIP account, and got to work. Having been informed that Metasploit use would be restricted in the OSCP exam, I decided to challenge myself to hack each machine without the use of Metasploit, so that I would be better prepared for the test.