Recap on what I've already done before continuing on to learning privilege escalation.

Following the module, I've learned the basics of using a VPN through the command line:

How to use SSH and what it's for. Essentially, being a more secure way to log into a website as an administrator via public/private keys, I think.

How to use Netcat and its basic function, though I really need to take the time to find a module on it more in depth to understand what it really does/can do. So far, I just understand that it's a way to connect and interact with different TCP and UDP ports, if I'm understanding things properly.

The module had me install Tmux, though as far as I understand it only lets me have multiple windows in my command terminal. (Not so useful for me outside specific circumstances I can imagine where I already have other terminals open and need a new space within something on screen already.)

It went over Vim, though even with it only being for text editing (as far as I can tell from its explanation), I don't quite understand it and its usage. I should definitely look into it more since keyboard only usage would be helpful, though I doubt I'd be able to full immerse myself in it.

Nmap was probably the thing I understood the fastest. Being just to preform a scan to see what ports are open or being used, it can be the easiest way to find open ports, but that would just be a basic scan. When using it for more in-depth scans, though it may take longer, the scans can indicate all open ports and even what versions each port is running on, giving you the information needed to find ways into a system. It also allows scripts to be ran giving extra functionality, a deeper dive into Nmap usage definitely seems warranted.

FTP (File Transfer Protocol) was something I honestly forgot about after it was showed to me, but given it's importance in acquiring data from a server, I'm sure I need to take the time to go back and understand how its used and what exactly it can do.

Interjecting here since as I was booting up my VM, I encountered an issue where the VM stays on a black screen when I logged in. It's a consistent issue, but just exiting Fullscreen fixes it. I guess I should figure out why so I don't have to deal with it later.

SMB (Server Message Block) seems like an important protocol to be able to exploit, but I don't think I paid enough attention to this section of the module to really understand what all I can do with it. Even as I reread the section right now, I don't think I understand it very well. I do understand there's a thing called smbclient that lets you access information within so you can get potentially get access to user files, but aside from this usage, I think I'm missing something

SNMP (No clue the expanded name) seems to be something for finding information on routers? It says that you could potentially find credentials being passed through it, but I don't really understand the explanation.

Taking a short break before recounting other parts of the module like Web Enumeration, Public Exploits, and the different types of Shells it explains.

Introductions?

So, day 1. Here's the idea, I guess. So, I'm learning though Hack the Box's online modules. I've been learning for a few weeks and figured something like this would be good to catalogue how well I'm doing and in general keep track of where I'm at.

So, call me Alt, I'm 24 as of posting this and do a couple things to pass my time, one being learning how this web penetration thing works, the other being streaming the games I play when I find time or need the relaxation.

As of right now, all I know are the basics for both and I'd like to be able to do both. Keeping this blog here I think will help at least with one of those. To sum up my current knowledge with what I've done in Hack the Box, I've done the basics on Web Requests and learned how to deobfuscate JavaScript. Not much I know, but we all start somewhere.

Though it would be somewhat tiresome and split my attention, I will be pseudo-live blogging through my journey, mostly as a way to talk myself through what I am doing and bounce the ideas to myself to see where I am misunderstanding something, but also to sorta show my thought process on things and refine how I think through problems.

For my setup and what I am using as of now:

ParrotOS Security Edition is the OS I operate on when learning and practicing.

I use Oracle VM Virtual Box to run the OS I operate on.

My PC specs probably dont matter and will likely change, but for now it includes -i7 12700F -RTX 3070 -32GB DDR4 Ram (8x4) (Ik other things are important but honestly most people would only ask about those 3)

The OS on my base system is regular old Windows 11 (I know, I know, bloatware and all that, but honestly I'm too lazy to get a version without all the bloat and what not and have to reinstall/relog into everything for now)

And finally, as mentioned above, I've been learning through hackthebox.com currently.

If you've got any questions, suggestions, or recommendations, don't hesitate to message me or send me any of your questions to my Ask inbox!