
Over the last couple of weeks my focus has been on training. I have significant technical experience, mainly with programming. I’ve gained quite a bit of security knowledge along the way. But now I’m really diving into it, and trying to improve my hacking abilities.

I’ve been working toward Hack The Box’s CBBH and CPTS certifications. In order to earn them, I’m first taking the HTB Academy Job Role Paths for each, which have a list of modules to take with various skills. The two certs have a lot of overlap, so I’m working on both at the same time.

Some of the modules cover the basics, and some go a bit deeper. So far, I’m 15 modules in. Recently I’ve been working on modules covering:

Command Injection. This is where a string you supply to a web app ends up inside a shell command. The module presented some ways to bypass common filters as well, which I found very helpful. For example, if the target is a Unix-based OS, and the / character is being filtered, you can often put a / character into the command using something like ${PATH:0:1}. In short, this expands to the first character of the PATH variable in bash, which is usually a / character. Handy!

SQLMap. This is a very important tool for SQL Injection vulnerabilities. I’d used it before in CTFs, but the module introduced me to more of its options, configuration, and capabilities.

Cross-Site Scripting (XSS). This module was fairly quick since I have quite a bit of experience with XSS, from when I worked on WPScan. However, the skills assessment at the end had me stuck for quite a while because it was buggy. It’s tough to make XSS challenges, because usually you need to have some bot running a headless browser in order to simulate triggering the XSS as a privileged user, and in this case that bot didn’t seem to run consistently. But eventually it worked.
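
Going back to the command injection filter above, here is an added example (mine for illustration, not code from the HTB module) of why a character denylist misses the ${PATH:0:1} form and what holds up instead: an allowlist on the expected input shape, plus passing the value as an argv element with no shell. The function names, the denylist, the hostname pattern and the sample string are all assumptions made up for the example.

```python
import re
import subprocess
import sys

# Constructed input: contains no "/" itself, but bash would expand
# ${PATH:0:1} to the first character of PATH before running the command.
SAMPLE = "example.com${PATH:0:1}etc"

DENYLIST = ("/", ";", "&", "|", " ")  # hypothetical character filter


def denylist_ok(value: str) -> bool:
    """Weak check: reject only if a listed character appears literally."""
    return not any(ch in value for ch in DENYLIST)


# Allowlist: only what a hostname or IPv4 address can contain.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")


def allowlist_ok(value: str) -> bool:
    """Stronger check: accept only input matching the expected shape."""
    return HOST_RE.fullmatch(value) is not None


def echo_without_shell(value: str) -> str:
    """Pass value as one argv element with no shell in between.

    The child process (a Python one-liner standing in for the real tool)
    receives the string unchanged, so no expansion can happen.
    """
    child = [sys.executable, "-c",
             "import sys; sys.stdout.write(sys.argv[1])", value]
    return subprocess.run(child, capture_output=True, text=True,
                          check=True).stdout


if __name__ == "__main__":
    print("denylist accepts sample: ", denylist_ok(SAMPLE))
    print("allowlist accepts sample:", allowlist_ok(SAMPLE))
    print("argv without a shell:    ", echo_without_shell(SAMPLE))
```

The denylist lets the sample through because the filtered character only appears after shell expansion; the allowlist rejects it, and without a shell the string reaches the child process as literal text.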

I also spent some time trying some actual bug bounty work, but didn’t get very far. I feel like maybe I should focus more time on some Hack The Box machines instead, until I improve a bit more. I got an invitation a while back to a private bug bounty program for a large financial institution, and I thought since it’s a private program maybe there were more opportunities for me to make some progress. But I think I’m still not quite ready for an app of that scale; it’s pretty overwhelming. I’ll get there, though.

Also I tried doing some spidering using the rate limiting that they required in their program, but still got my IP address temporarily blocked. Whoops.

Getting stuck on things is never fun, but this is part of the journey. Everything is a learning experience right now, which is exciting, even if it’s frustrating at times. I’m looking forward to continuing on, and increasing my skills.
