Hack the Box: Script Kiddie

I got my first machine rooted!

Anthony Isherwood

3 minute read

The HTB Platform

Small Overview

Hackthebox.eu (HTB) is a great site to learn and practice penetration testing. Once you have an account, you get access to a wide variety of lab machines, which cycle in and out of use: new machines get added, while old ones get retired. Each lab machine has a bit of a reputation system, where users who obtain user and root privileges can rate the difficulty of the machine. You can also see how many people got user and root privileges on each machine. The whole platform has quite a bit of detailed statistics, tracking, and leader boards. A paid option is available as well for a little less than 12 USD per month. With it, you can access retired machines, read official write ups, use unlimited machine resets, and have the machines run on less crowded labs and better hardware.

Getting an Account

But you can’t just sign up and get started. You have to do a little bit of work just to get an account on the platform. HTB doesn’t have a sign up form. It has a web page with a prompt for an invite code. You can find this page here. I’m not going to give away much here, but a little research and enumeration into the web application would be a good place to start.

The Community

This is actually why I like HTB more than other CTF sites. The HTB forums are fantastic. They are heavily moderated, but still give great insight. Quite often, you can go into a forum thread discussing the machine you're stuck on and get some hints on how to proceed. The members are also helpful and friendly and usually encourage PM conversations to gauge where you're at and where they can help out.

I'd be remiss if I didn't recommend another community I find invaluable. The Penetration Testing Community Discord is a great place to be. There are lots of people who are into HTB and other penetration testing related CTF sites. The community staff are also really solid people. Users are categorized by either their day job or by their interest in penetration testing. Currently, there are over 1300 users in the Discord server. I would highly recommend getting involved!

My First and Second Rooted Boxes

My first root on HTB was the Valentine box. It took me a couple of hours to get the user and root flags, but the time spent was well worth it. I learned quite a bit figuring this guy out! The box wasn't terribly difficult, and I would recommend that newer users give this one a shot.

My second root was the Jerry box. This box was surprisingly easy. If you're new to HTB, I highly recommend you try this one out first. While not very hard, the box does showcase common misconfigurations you would actually see in real life. I think that's what gives this box its value.

Next Steps

I’m going to keep plugging away at HTB, and I’ll most likely opt for the VIP membership and really put some time into it. I’m confident that the knowledge gained here will be invaluable to my future pursuits. What a great site! Between HTB, Pentesterlab, and Vulnhub, I don’t think I’ll have much free time in the months to come.