Hack The Box Methodology

Hack The Box is an online platform that allows users to test their offensive cybersecurity skills and exchange ideas and techniques with other members. I started developing and practicing my offensive skills on Hack The Box several years ago, and while I’ve never had a desire to work in penetration testing, I was able to significantly improve my blue team skills. As a defender, understanding offensive techniques can help to identify and defend against them.

There are several ways that you can approach the challenges on HTB, and after several years of practice, I’ve found what works best for me to make the most of the platform. I thought it might be helpful to share my Hack The Box methodology.

Information Gathering and Setup

There is always some information gathering and setup required, but it doesn’t take much effort. Here’s how I get started:

  1. Start the machine and copy the IP address
  2. Create a directory for the box
  3. Add the machine name and IP to my /etc/hosts file
  4. Start Burp Suite and set FoxyProxy to use Burp as the proxy
  5. Start CherryTree and save the file in the box directory for notes
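The first three steps are the same every time, so they are worth scripting. The script below is an added example, not code from the original post. It assumes the usual HTB hostname convention of `<name>.htb`, a root directory for box folders (`HTB_ROOT`) and a hosts file path (`HOSTS_FILE`) that can be pointed at a scratch copy; Burp, FoxyProxy and CherryTree are still started by hand, and a plain-text notes skeleton stands in for the CherryTree file.

```shell
#!/bin/sh
# Added example (not from the original post): automate the setup steps.
# Assumptions: HTB_ROOT holds one folder per box, HOSTS_FILE is the hosts
# file to edit (default /etc/hosts, so run with sudo for the real thing),
# and boxes are reached as <name>.htb.

HTB_ROOT="${HTB_ROOT:-$HOME/htb}"
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    cand=$1
    case "$cand" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$cand" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# htb_setup NAME IP: create the box directory, (re)write the hosts entry and
# drop a notes skeleton. Prints the box directory on success.
htb_setup() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    ip=$2
    case "$name" in
        ''|*[!a-z0-9-]*) echo "htb_setup: bad box name '$1'" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "htb_setup: bad IPv4 address '$ip'" >&2; return 1; }

    box_dir="$HTB_ROOT/$name"
    mkdir -p "$box_dir/nmap"

    # Drop any stale line for this host so re-running with a new IP updates
    # the entry instead of duplicating it. cat rather than mv keeps the
    # ownership and mode of the real /etc/hosts.
    hosts_tmp=$(mktemp)
    grep -Ev "[[:space:]]$name\.htb([[:space:]]|\$)" "$HOSTS_FILE" > "$hosts_tmp" || true
    printf '%s\t%s.htb %s\n' "$ip" "$name" "$name" >> "$hosts_tmp"
    cat "$hosts_tmp" > "$HOSTS_FILE"
    rm -f "$hosts_tmp"

    # Plain-text stand-in for the CherryTree notes file, one heading per phase.
    notes="$box_dir/notes.md"
    if [ ! -f "$notes" ]; then
        printf '# %s (%s)\n\n## Scanning and Enumeration\n\n## Exploitation\n\n## Post-Exploitation\n' \
            "$name" "$ip" > "$notes"
    fi
    printf '%s\n' "$box_dir"
}

# Usage: htb_setup.sh NAME IP
if [ $# -eq 2 ]; then
    htb_setup "$1" "$2"
fi
```

Because `sudo` does not pass your environment through by default, set `HTB_ROOT` explicitly (for example `sudo HTB_ROOT=/home/you/htb sh htb_setup.sh Name 10.10.11.20`) when writing to the real `/etc/hosts`.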

Scanning and Enumeration

Scanning and enumeration is usually where I place a lot of effort. Thorough scanning and enumeration is key to gaining the initial foothold on the machines. Here’s my process:

  1. Start with an Nmap scan.
  2. Simultaneously run a few tools for directory brute-forcing. I always assume there will be a web server to explore.
  3. Analyze the findings to determine next steps. If I find some interesting URLs, I will explore those and get them mapped in Burp.
  4. Explore the website. Look through the site for interesting details, such as the name and version of a specific technology that I can research for CVEs that might be useful.
  5. Explore any interesting ports.
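Steps 1 to 3 hand results from one tool to the next, and the hand-off is easy to automate once Nmap's grepable output is parsed. The helpers below are an added example, not code from the original post. They assume Nmap was run with `-oA` (so a `.gnmap` file exists), that gobuster is the directory brute-forcer, and that the dirb `common.txt` wordlist is at its Kali path; the sample scan output is constructed, not a real scan.

```shell
#!/bin/sh
# Added example (not from the original post): parse nmap -oG output into the
# open-port list and the web URLs to brute-force next.
# Assumptions: nmap -oA output, gobuster, Kali's dirb common.txt wordlist.

# Step 1 as I would type it: all TCP ports, default scripts and versions, every
# output format into the box's nmap/ directory. Not run by the helpers below,
# which only parse the .gnmap file it leaves behind.
scan_box() {
    nmap -p- -sC -sV -oA "$2/nmap/full" "$1"
}

# Flatten an nmap -oG file into tab-separated lines:
# host  port  proto  state  service  version
parse_gnmap() {
    awk -F'\t' '
        /Ports:/ {
            for (i = 1; i <= NF; i++) {
                if (index($i, "Host: ") == 1) { split($i, h, " "); host = h[2] }
                if (index($i, "Ports: ") == 1) ports = substr($i, 8)
            }
            n = split(ports, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                printf "%s\t%s\t%s\t%s\t%s\t%s\n", host, f[1], f[3], f[2], f[5], f[7]
            }
        }' "$1"
}

# Open ports only, as "port/proto service version".
open_ports() {
    parse_gnmap "$1" | awk -F'\t' '$4 == "open" {
        v = ($6 == "") ? "" : " " $6
        printf "%s/%s %s%s\n", $2, $3, $5, v
    }'
}

# Every open port whose service looks like HTTP, as a URL. A filtered port with
# an http-looking service name is not a target yet, so it is left out.
web_urls() {
    parse_gnmap "$1" | awk -F'\t' '$4 == "open" && $5 ~ /http/ {
        scheme = ($5 ~ /ssl|https/) ? "https" : "http"
        print scheme "://" $1 ":" $2
    }'
}

# One gobuster command per web URL; -k skips TLS validation for self-signed certs.
dirbust_commands() {
    wordlist=${2:-/usr/share/wordlists/dirb/common.txt}
    web_urls "$1" | while read -r url; do
        printf 'gobuster dir -u %s -w %s -k\n' "$url" "$wordlist"
    done
}

# Constructed sample of nmap -oG output (not a real scan) for trying the helpers.
write_sample_gnmap() {
    printf '# Nmap 7.94 scan initiated as: nmap -p- -sC -sV -oA nmap/full 10.10.11.20\n' > "$1"
    printf 'Host: 10.10.11.20 ()\tStatus: Up\n' >> "$1"
    printf 'Host: 10.10.11.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.4/, 80/open/tcp//http//Apache httpd 2.4.52 ((Ubuntu))/, 443/open/tcp//ssl|http//Apache httpd 2.4.52/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)\n' >> "$1"
    printf '# Nmap done: 1 IP address (1 host up) scanned\n' >> "$1"
}
```

With a real `nmap/full.gnmap`, `open_ports nmap/full.gnmap` gives the version strings to research for CVEs (step 4) and `dirbust_commands nmap/full.gnmap` prints the brute-force commands to run in a second terminal while you browse the site through Burp.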

Community Support and Exploitation

Many of the challenges are related to published CVEs, and you can find write-ups and/or PoC scripts for the exploit. I usually read through the write-ups and try to determine how to apply the exploit in that specific instance.

If I get stuck and don’t know how to proceed, I usually check if there’s an exploit available in Metasploit or some other tool that I can review and/or modify.

If I don’t see an exploit available, I look at the forums. Unless it’s a new box, you can read the forums and get some good ideas on how to proceed. For a new box, you can inquire about your discoveries without disclosing excessive details or breaking any rules, and the community will offer clues.

Post-Exploitation

You will likely land on the box as a lower-privileged user, and the post-exploitation phase in HTB is usually where you need to elevate privileges to gain root access and get access to the root flag. There are a few ways to approach this, and I often change my approach. Here’s my usual process:

  1. Start by checking the sudo capabilities. This will usually lead to a script directory that you need to interact with somehow.
  2. I then check the directory that I’m currently in and see if there’s anything interesting there.
  3. Check the version of the operating system and see if there’s a privesc exploit available.
  4. Run LinEnum and check for anything interesting.
  5. Check the forum again if stuck.
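Step 1 is where most of the value is, and `sudo -l` output is easy to misread in a hurry: the rule that matters is usually the one with `NOPASSWD`, a wildcard, or a target in a directory you can write to. The triage script below is an added example, not code from the original post. It assumes the `sudo -l` output was saved to a file, and its shell-escape list is a hand-picked subset of programs known to spawn a shell (GTFOBins has the full set); the sample output is constructed, not from a real box.

```shell
#!/bin/sh
# Added example (not from the original post): triage saved "sudo -l" output so
# the rule worth chasing stands out. Assumptions: output saved to a file; the
# shell-escape list is a hand-picked subset, see GTFOBins for the rest.

# Print just the rule lines that follow "may run the following commands".
sudo_rules() {
    awk '
        /may run the following commands/ { in_rules = 1; next }
        in_rules && NF { sub(/^[[:space:]]+/, ""); print }
    ' "$1"
}

# One command spec per line as "<1|0 for NOPASSWD><TAB><command and fixed args>",
# with the (runas) prefix and sudoers tags stripped and comma lists split.
sudo_commands() {
    sudo_rules "$1" | awk '
        {
            np = ($0 ~ /NOPASSWD:/) ? 1 : 0
            sub(/^\([^)]*\)[[:space:]]*/, "")
            gsub(/(NO)?(PASSWD|SETENV|EXEC):[[:space:]]*/, "")
            n = split($0, cmds, ", ")
            for (i = 1; i <= n; i++) print np "\t" cmds[i]
        }'
}

# For each command: "<program><TAB><flags>". Flags: NOPASSWD, wildcard (the
# spec contains * or ?), writable (you can edit the target itself),
# dir-writable (you can replace it), shell-escape (known interactive escape).
sudo_triage() {
    tab=$(printf '\t')
    sudo_commands "$1" | while IFS="$tab" read -r np spec; do
        set -f                       # keep a literal * in the spec from globbing
        set -- $spec                 # first word is the program, rest are fixed args
        set +f
        cmd=$1
        flags=""
        [ "$np" = 1 ] && flags="$flags,NOPASSWD"
        case "$spec" in *\**|*\?*) flags="$flags,wildcard" ;; esac
        [ -w "$cmd" ] && flags="$flags,writable"
        [ -w "$(dirname "$cmd")" ] && flags="$flags,dir-writable"
        case "$(basename "$cmd")" in
            vim|vi|nano|less|more|man|find|awk|python*|perl|env|bash|sh)
                flags="$flags,shell-escape" ;;
        esac
        printf '%s\t%s\n' "$cmd" "${flags#,}"
    done
}

# Constructed sudo -l output (not from a real box). $2 is a scratch directory
# that stands in for the script directory a rule usually points at.
write_sample_sudo() {
    cat > "$1" <<EOF
Matching Defaults entries for www-data on target:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\\:/usr/local/bin\\:/usr/sbin\\:/usr/bin\\:/sbin\\:/bin

User www-data may run the following commands on target:
    (ALL) NOPASSWD: /usr/bin/vim
    (root) NOPASSWD: $2/scripts/backup.sh
    (root) /usr/bin/systemctl restart apache2
    (ALL : ALL) NOPASSWD: $2/scripts/*
EOF
}
```

On a box, `sudo -l > sudo.txt; sudo_triage sudo.txt` is enough to see at a glance which rule to work on: a `writable` or `dir-writable` flag means the script itself is the way in, `wildcard` means a filename you control can be fed to the rule, and `shell-escape` means no script is needed at all.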

Learning and Iteration

It can be easy to become focused on just winning and forget about all of the learning, but it’s important to keep in mind while doing these challenges that the primary goal is education. Each attempt, each failure, and each success is a stepping stone towards becoming more proficient in your cybersecurity skills.

Conclusion

I hope that by sharing my methodology, it can help you develop your own method. As you develop your own method, remember to stay flexible, be open to learning, and have patience with your progress. Developing these skills can take time.

If you’re new to tech and want to work in cybersecurity, check out our foundations series.
