HackTheBox CTF Setup

What’s HackTheBox ?

HTB is an online platform allowing you to test and advance your skills in cyber security. It offers many challenges around cyber security like CTF, cryptography, steganography, etc. HTB works also in association with some universities to propose to their students labs where they can test and improve their skills. The CTF machines are diverse and have vulnerabilities that are often found in real life, making it a perfect playground. They provide to their users an openvpn config so they can be in the same local network as the machines making it easy to interact with them (no need to set port forwarding on your router or that kinda things).
Each month, they add a new box available for all users and they retire one. Users can then release write-ups for the retired machine since it is forbidden by the rules to do so while the box is still active. The retired machines are not available to free users anymore but you can upgrade to VIP to access them and their official write-ups.

The Systems I use

For HTB, I use two virtual machines, mainly one Linux and sometimes Windows. I made the choice of virtual machines because that’s what they recommend. In their rules, we can read the number six being:

Don’t use your production PC to connect to HTB Network

We strongly recommend not to use your production PC to connect to the HTB Network. Build a VM or physical system just for this purpose. HTB Network is filled with security enthusiasts that have the skills and toolsets to hack systems and no matter how hard we try to secure you, we are likely to fail. We do not hold any responsibility for any damage, theft or loss of personal data although in such event, we will cooperate fully with the authorities.

Also in their documentation on how to access their network, you will find:

  • Install software for managing virtual machines, such as VirtualBox, VMWare Workstation, etc.
  • Create a Linux virtual machine. You can use a pre-made pentesting OS such as Kali Linux/Parrot Linux, or build your own toolkit from scratch. We do not recommend using Windows as your primary attack environment.

So be warned, do not to use any computer that contains any sensitive data.

The Linux System

For Linux, of course the first distro people would think about is Kali Linux. But I went for a lighter one since I’m running it on a VM and it’s Parrot OS. Parrot has different flavors but the one that poked my interest in the security one. It’s completely free and comes preloaded with as many tools as his older brother Kali. You can download it directly in an ova format to import in VirtualBox and you can even choose between Mate and KDE as your desktop environment.

Parros OS

The Windows System

Ok, I’m gonna say it myself before anyone does: why the hell Windows ?! Well you see, Windows can sometimes become handy when you’re dealing with machines running on Windows with Active Directory. Buuuuuuuut, I’m not using the “usual” Windows! I use Commando VM which is a fully customizable Windows-based pentesting virtual machine distribution made by fireeye. For me, it’s like Windows on steroids, stripped of many of the default/useless apps that comes with Windows and filled with awesome tools. It has even a Kali subsystem, …, yes, Kali opened from Windows!
The installation can take time (half a day for me) and there is a ton of reboots during the process but it’s automatic and it’s worth the wait. I recommend it a lot when working with machines on Windows.


Tips & Tricks

Let me make a confession, I’m very lazy. I am a former developer, that explains everything. So I do thinks that makes my workspace eay to use and I will share some of my tricks. First in my Parrot VM, I created a directory structure that helps me keep things organised that looks like this:

▾ /home/user/
    ▾ htb/
        ▾ boxes/
            ▾ <machine_1>/
            ▾ <machine_n>/
        ▾ crypto/
        ▾ forensics/
        ▾ web/

Furthermore, I tweaked my .bashrc by adding some stuff:

alias htb='openvpn ~/htb/<htb_username>.ovpn' # Connect to HTB network
alias tun0='ip addr show tun0' # IP address in HTB, for reverse_tcp
mcd() { mkdir -p "$1" && cd "$1"; } # For machine folders

Since I also use a lot nmap, it’s the first step of CTFs after all, I added an alias that helps me not only scan but also save the output in different formats for further treatments. I must say that when scanning for CTFs, sweep all 65535 ports, don’t just limit yourself to the well known ones. Also you might want to adjust the rate, if not it will be quite slow.

scan() { sudo nmap -v -A -Pn -p- --min-rate=1000 -T4 -oA nmap "$1"; }

Each time I fire up my VM and want to work on a new box (synonym of machine) I do the following:

  • Run htb alias in a tab of terminator
  • mcd <box_name> in a new tab
  • sudo vi /etc/hosts to add the box to my hosts file as a shortcut
  • scan <box_ip> or <box_name>
  • Do other stuff while the scan is running

Actually, my hosts file looks like this :)


Tools and Documentation

For the tools and documentation, I will first mention PayloadsAllTheThings GitHub repo. I has a ton of techniques and cheatsheets for doing a lot of stuff. This repo, is the holy grail for me, it has proven to be very very very useful. Go explore it and you will see for yourself.
Another incontournable one is impacket Github repo. It contains interesting python scripts for working with network protocols and Windows services like Kerberos or Samba. You can install it using pip and don’t forget to add the install path to you PATH variable (/usr/share/doc/python3-impacket/examples if you used python3).
For scripts associated with John The Ripper, they can be found at /usr/share/john, so go ahead and add it to PATH too.
Next comes ippsec.rocks that helps me find Youtube videos demonstrating practical use of some tools like PowerUp, mimikatz, etc. You might also want to give a look to the searchsploit command from the metasploit framework, it comes handy when you’re searching for vulnerabilities. For msfconsole, you already know but I’m trying to use it as little as possible.
Another good reading I got from my mentor is HackTricks Book. It’s like PayloadsAllTheThings but far more detailed. For videos tutorials of HTB CTFs, visit ippsec Youtube Channel and you won’t be disappointed. For the rest, I think Google will help you.

I will keep editing this list as soon as I find something interesting to add to it. Feel free to contact me if you have useful things too, I will be glad to add them. That was all for now, thanks folks, see you!

PS: If you got into HTB from here, please PM me as soon as you can. My username is overlordh. I will be glad to chat.

Mamadou L. NIANG
Mamadou L. NIANG

Senior Java developer mainly around Spring and now, on my way to being a professional pentester.I love learning plenty of stuff and sometimes breaking them.

comments powered by Disqus