Why I chose "Hack the Box" over "Try Hack me"

The title of this article kind of says it all.  I am going to summarize some of the reasons I chose one of these services over the other.  This article is not sponsored and all the comments herein are strictly my opinion.

I guess I will start off and tell you that "spoilers alert" I chose HTB.  However the decision to go with HTB over THM is kind of unique to who I am as a learner.  I am sure that there are many people out there that learn the way I do.  This article is not going to be a features comparison.  I will not be doing a side-by-side on all the unique tidbits that each product has.  I wanted this article to be a personal reflection, a commentary and more personal.

I also want to be clear that THM is a wonderful service, widely popular and loved by the folks who subscribe to it.

Here is an analogy of HTB and THM.

Imagine you are visiting a swimming pool.  You are wanting to learn to swim.  
Your swim instructor takes you over to the deep end and they say "get in."  
You do so and you float out of range of the edge of the pool.  
You panic, you begin to sink.  
Then while you are sinking you realize that when you move your arms you come out of the water a little.  
You grab a breath of air.
Then you realize that when you kick your legs and move your arms you can stay above the water better.
You grab a bigger breath of air and gain confidence.  "This isn't so hard!" you exclaim.
The instructor points silently to the middle of the deep end, you slowly wiggle your way out there.  Once you are out there the instructor turns around and flicks a switch.  The wave machine has turned on.
You are splashed and thrown around a bit, but eventually the machine turns off.  Calm waters, and as you swim back to the edge, much more confidently, you realize that the instructor said nothing to you but you learned how to swim.

That's HTB.

Let's switch gears.

You are at a different pool.  The instructors here are very different.  On your first lesson they take you over to the shallow end.  They tell you to dip your toes in, make some bubbles, get your face wet, and attempt a back float if you feel like challenging yourself.  It takes several lessons like this, but eventually the instructor, who has been swimming beside you the entire time FYI, asks you if you would like to maybe visit the deep end.  You say no, and that you would like to practice a bit more right here.  They are perfectly nice and tell you that the challenge level can be increased whenever you are ready.

Some time passes and you decide to take a dip into the deep end.  You slide in the water, nervous about the fact that you can't feel the bottom on your toes, but you are ready.  You roll onto your back and expertly glide over to the middle of the pool.  The instructor asks you if you are ready for the waves.  You give them the thumbs up.  They tell you to not forget all the things you learned and actually remind you about some of the lessons you took.  You feel confident as the machine turns on, waves splash you and push you around.  You are unfazed and ask the instructor if the machine has any bigger waves.

That's THM.

Two different approaches to learning.  HTB and THM are two awesome tools and you can learn a ton.

I chose to jump in the deep end with no guidance.  There are definitely moments where I scratch my head and say "how!?" and "What do I do here!"  I literally get angry when I miss obvious vulnerabilities.  I get excited when I discover something brand new and add it to my hacking process.  I get absolutely ecstatic when I can find the user/root flag.  One time I owned a machine in under 10 minutes, I screamed with joy!

With two different styles of learning, is one better?  The answer is "no" but also "yes."  

Not everyone knows how they best learn.  That's why trying different techniques and methodologies is important for figuring out what works best for you.  Truth be told, my "best" style sometimes changes.  Some days my patience for troubleshooting is high and sometimes it is very low.

Typically I learn best though by getting my hands "dirty."  Ya, I like a good "how-to" but I don't get that deep learning until I have done it for myself.  This is part of the reason I am drawn towards HTB.

Tips for getting started with HTB:

1) Consider subscribing for the VIP+ pass:

There is a way to "play" for free, meaning that you can hack a machine that is available to you without having to pay.  However, the challenge comes when you are part way through your hacking process and the other free players vote to reset the machine.  It can be extremely frustrating to have this happen.  When a machine is reset you lose all your progress; hopefully you took good notes.

With the VIP+ I can create my own instances.  Sometimes I will start a machine and leave it running over night.  I come back in the morning and my target is still running just the same.  This is extremely helpful.

VIP+ also comes with a basically unlimited time limit with Pwnbox, which is an attacker machine you can spin up and access through the browser.  Pwnbox is useful when I still would like to hack but I don't really want to sit in my office.  The downside is that my Kali machine is on my desktop and it has a lot of custom downloaded tools that your Pwnbox instance will not.

2) Do Tracks:

Tracks are essentially groupings of challenges and machines that fit into a category.  Maybe the category is steganography, reverse engineering, Active Directory hacking; it's endless.  These are really fun, and have the same principle of "get in the water bud."  At least you know when you are working through a track that you are building on a foundation of knowledge on something specific.

3) Use Walkthroughs Wisely:

One of the complaints is that there are a ton of walkthroughs for the machines.  Yes, it is true that it is very easy to find walkthroughs; however, if you use these wisely you can really develop your learning.

My advice is "try harder" until you are really really really stuck.  Take a peek at a walkthrough.  Don't read the whole thing, just peek at the piece you are missing and not even the whole bit (you will know when to stop).  Take this new bit of info and go back to the target machine and "try harder" again.

Which leads me to point 4...

4) Take Notes:

It may seem obvious but if you are peeking at a walkthrough then you have found an area where growth is required.  Document what you learned!  The next time you are faced with this challenge again you will have notes to look back on.

I hope this synopsis of HTB was helpful.  I use the service heavily and my learning has been amazing!


