No Spoiler Review -- HTB Delivery

Did Delivery on HacktheBox yesterday. I worked with a friend who is also studying for his OSCP, so we were able to build off of each other's progress. The machine is designed by IppSec, the dude who does HTB walkthrough videos on YouTube. Overall, I have to say it was a great teaching machine.

Delivery wasn't what I'd call challenging, but it does have its holdups as you work through it. Fortunately, I never felt that I was just taking wild guesses. Everything I did required me to connect dots and as the friend who worked with me through it said: "Don't move faster than you can read."

What he means by that is, read your results. Really read your results, and the output of things you receive. It's easy to overlook things, because you want to move quickly. You have to ask yourself what the application or system is telling you, and start connecting the dots. That's actually a very difficult skill for some of us to pick up (including myself in that). In your excitement for making progress, you overlook the clues that are laid out for you.

IppSec's Delivery does a good job of showing the basics, and leaving enough clues to inform you where you should be going next. The machine has an interesting way of teaching new tools and techniques by finding neat ways of mentioning how they may work. It's up to the user taking on the challenge to figure out how to use the things he mentions.

I know this is said time and time again, but basic enumeration will get you to the end. Given that this machine is designed to teach you the basics, and not make you go through any ridiculous lengths to get to root, it's a great starter box. Definitely give Delivery a go.