Tier 1: Three - HackTheBox Starting Point - Full Walkthrough

Learn the basics of Penetration Testing: Video walkthrough for the "Three" machine from tier one of the @HackTheBox "Starting Point" track; "You need to walk before you can run". We'll be exploring the basics of enumeration, service discovery, directory busting, insecure s3 buckets, aws-cli and more! Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTB #CTF #Pentesting #OffSec

↢Chapters↣
Start: 0:00
Enumerate ports/services (NMap): 0:12
Explore website: 0:50
Enumerate subdomains (ffuf? gobuster?): 2:07
Amazon s3 buckets: 7:13
aws-cli: 10:01
Insecure File Upload: 14:22
End: 17:51
Comments


The solution in 3.2.0 is to use the --append-domain flag with gobuster which will "Append main domain from URL to words from wordlist. Otherwise the fully qualified domains need to be specified in the wordlist."

Alternatively, use ffuf and filter by response code (rather than length)

_CryptoCat

for 'very easy' this is surprisingly hard for everybody

hellothere

The official htb walkthrough was so confusing at the end for a beginner like me. They wanted to set up listening, then run a python server, all to use a reverse shell. Your solution was so much simpler. Earned a sub from me 🤙

HolyGamebot

The tldr command is a bloody lifesaver

ismailmatrix

Thanks :) Solved this machine a few days ago, steps were a bit different and your way is much simpler. Again, learned a few new things from your video. Keep them coming ❤

uv

I just recently got back into hacking after a while and your channel has been SOO helpful on my journey so far, keep up the great work!

Fybir_

This is so hard man, I legit gave up halfway through, the scanning phase requires new things we haven't done and the end is crazy for the first level

infamousstreaming

Christ almighty what a goddamn nightmare of a Very Easy flag. As a beginner this makes me feel utterly helpless and clueless but I can't say I didn't learn anything. I owe it to myself to do a writeup of this to reinforce it honestly.

NimbleSF

I've been working on this machine since it released and haven't been able to figure out what was wrong, so thank you so much for your hard work and videos because I was losing my mind

revivedXrevolver

Thank you so much for your tutorial. I have been studying it these days.

VexeX

If I get nothing else out of your video (and I got a lot!) the tldr command is gonna help me immensely!!! I don't think I can fully understand just how helpful that is going to

WheeledNomad

If this is the Starting Point, I'm afraid to look at advanced machines hahahaha.
Great video btw

Gazty

TY dude! I was getting so frustrated at enumerating subdomains step.

whilykitt

Hi, fantastic video that helped me a lot but I struggled getting a shell up and running following this video and following the HTB walkthrough. I've followed these as accurately as I can but I can't get a shell connected. I'll keep trying!

theexclusivecorner

appreciate this video so much. I had a really difficult time with this one

johnmellows

Feels pretty good to be able to contribute to hackthebox academy as well!

kavishkagihan

Thank you for your videos bud, much appreciated <3

Sodatex

Forgot to say thanks for this, was a little stuck but got there nicely.

You looked at the "RedPanda" machine? It's ridiculously difficult with priv esc. I spent an absolute stack of time on it and had to read up, it's VERY difficult (imo) for those beginning. Would be a worthy video for you to do. Thanks again 👍🏻

kylejf

When I put the IP address in the browser and click enter, it's taking a lot of time loading and it's not opening the website. However I have a very good internet connection.

What should I do? How do I fix this issue?

cyberdash

Finally, finally, finally, I was stuck on the flag.txt for a long time. Thank you for sharing.

hahahazzzify