r/hackthebox

How do I get better at enumeration?

I’m about 4 months into hacking, and I just can’t seem to get good at enumeration. it’s so boring… the worst part is the directory brute forcing. is there any way where it becomes second nature or fun? thanks.

reddit.com
u/Mac4Life1 — 5 hours ago

Just finished the CPTS path after 14 weeks of grinding ~6h/day. My brain is fried.

https://preview.redd.it/h54d8j842lbh1.png?width=1251&format=png&auto=webp&s=907cb66696d7920c29cf903c9337173f58c33f90

Ok so I just wrapped up the HTB CPTS path and I genuinely don't know how to feel. 14 weeks, roughly 6 hours a day, thousands of notes, and countless conversations with Claude begging it to explain stuff to me like I'm a toddler (background: I'm an artist, none of this made sense at first lol).

The amount of information crammed into this path is insane. And no, the walkthroughs don't hold your hand. The actual loop is: try > fail > google > give up > come back > give up again > question every life decision > suddenly it clicks at 2am.

This weekend was rough. Did the Attacking Enterprise Networks (AEN) module THREE times before it actually made sense and I could pull off a clean double pivot. Also messed around with Ligolo and some other tools not in the course, specifically because I want to avoid leaning on Meterpreter (banned on OSCP, so might as well build the habit now). Plan is to recycle everything from this path into my OSCP prep once I pass the CPTS exam.

Not gonna lie, AEN was my favorite module. Hardest one by far, but also the first time I felt actually proud of myself. My notes paid off. I stopped just copying the walkthrough and started trying techniques that felt more natural to me, which made me actually USE my notes instead of hoarding them.

Next up on the roadmap:

-CPTS path boxes

-Dante

-TJ Null list

-Blind retry of AEN just to prove to myself I actually learned it

reddit.com
u/OohRahDahtEndaht — 9 hours ago

Done and dusted

Got done with the exam and submitted the report yesterday: 13/14 flags.

One thing I can say for certain is that Flag 8 is no joke. I thought people were just hyping this flag up, but it requires very deep enumeration and involves a long attack chain.

Word of advice: do the full IppSec unofficial CPTS prep track, as well as the official HTB CPTS prep track. Everything. Take notes on the methods used and replicate them. This will save you in the exam.

Another piece of advice, have a windows device ready, you will thank me later.

reddit.com
u/Waste-Subject-9939 — 11 hours ago

12 flags out of 14. Flag 8 is the worst

Hey, I finished and submitted my exam yesterday. I passed technically, but I'm still waiting on the results. With CPTs, OSCP, and CRTO certifications, is it possible to enter offensive cybersecurity without experience in pen testing?

reddit.com
u/Think-Zebra-890 — 15 hours ago

Returning after a year........

So like I am returning to htb after a year or so, because of academic pressure I was not able to do anything :(, so I am little confused now, cause before we used to have a VPN option to connect our local machine but now I can't see it :( where did it go ,please help

u/Drax-6-1-9 — 1 day ago

How to find existing windows / AD CVEs

I've just completed the fluffy box, where you can read a PDF file that tells you what CVEs to use to get an initial foothold. The CVE was CVE-2025-24071, where you can create a malicious .zip and capture an NTLMv2 hash to crack when someone opens it.

I realised that if this PDF never told me what CVE to look at and use, I never would've found it / solved the box. In my current methodology, I only test for coercion CVEs (such as petit potam) via netexecs coerce_plus module, and nopac.

If you were to do the fluffy box without being told what CVE to use, how would you figure it out? Would anyone be willing to share their methodology when it comes to finding these things?

Thank you

reddit.com
u/Vegetable-Ad-5808 — 20 hours ago
▲ 24 r/hackthebox+1 crossposts

0 Practical Skills and 5 Months of Grinding Theory - CTF/CJCA/CPTS

Hi Reddit! Hi guys! For 5 months I've been working towards the CJCA Certification, it took me so long, 'cuz I'm a person who tried to leave no stone unturned, during this period I have solved all the Starting Point CTFs and 2 Easy-CTFs (`Cap` and `Kobold`), though I had to use a write-up for the last one.

Nevertheless, I have never solved CTFs without any hints or write-ups - by myself, it's a painful experience, when your "detailed knowledge" is equal to 0. So, I've been grinding the theory - Nmap - Footprint - Wordpress.. etc from the CJCA path. After completing offensive modules I tried to solve Easy Enigma Box; on the bright side - my mindset got better, enumeration skills also, but ultimately I haven't been able to solve a box on my own yet.. Idk what I can to do, how to understand CTFs, CVEs without PoCs and other stuff. Do you have any advice? (pls)

I decided before exam to complete some extra-modules from CPTS path - Linux/Windows Priv.Esc, Web-Shells and Attacking common Services. But I'm very confused and frustrated right now

reddit.com
u/DoughnutResident — 1 day ago

Looking for people

​

I'm looking for a beginner group where we can help each other, work as a team, and learn from one another for the Hack The Box competition:

Cyber Apocalypse 2026: The Salt Crown

There's a Discord group for it — if anyone's interested, comment below and I'll send the link.

reddit.com
u/Adventurous_Exit267 — 2 days ago

Clarification on HTB CDSA Flag

Hi everyone, I’m prepping for the HTB Certified Defensive Security Analyst exam, and I’m a bit confused about the flag submission process. Once I find a potential flag, do I submit it in a special answer box, and will the system immediately confirm whether it’s correct or not? (just like in the modules it will only accept correct answer)I’m trying to figure out if there’s a clear real-time validation so I know I’m on the right track. Any insights from those who’ve taken the exam would be super helpful. Thanks in advance!

reddit.com
u/Pristine-Meat1379 — 1 day ago

CPTS: Is Bloodhound really needed?

I went through the Active Directory Enumeration & Attacks module hardly using Bloodhound at all, even when it showed me how to do certain attacks with it because I preferred Powerview. If I don't use Bloodhound during the exam, would I be doing myself a disservice or can I get through it just using Powerview? I figured I could try using Bloodhound only if I get super stuck and need to see the entire path to Admin, but I just really like Powerview for some reason lol

reddit.com
u/VolSurfer18 — 2 days ago

Where do I go to better understand what I'm doing?

Hey party people, I've recently gotten into hack the box. I really enjoyed the foundations part of it, but since I've moved onto fundamental exploration, I don't know what I'm doing anymore. Is there a specific part I can go to, to better understand what I'm trying to do or do I just need to always use the write-ups? I feel like I'm not learning anything while doing them and more just copying what worked, which always doesn't work. I've tried using chatgpt to help dumb down what I'm doing but it still hasn't help.
Where do I go to learn what I'm doing?

reddit.com
u/AccomplishedFact433 — 2 days ago

HTB Academy Silver Annual - Exam Voucher Timing Questions

Hey all, hoping someone with experience can help me out.

I bought the Silver Annual subscription about 7 months ago during their end-of-year promo, and I've been working through it since. I've made it about 80% through the Penetration Tester path, but life got in the way and I haven't been able to study for the last 3 months. My subscription (and the included exam voucher) is going to expire soon, and I'm not sure I'll be fully ready in time.

On top of that, even before my subscription deadline hits, the only real time I have to study is the next two months of summer. After that, I don't think I'll have enough time to dedicate to finishing the PT path or practicing for the exam.

Two questions:

  1. Once I redeem the exam voucher, do I have to start the exam immediately? Or can I finish the path first, redeem the voucher, and then start the exam whenever I actually feel ready ?

  2. Is there any way to extend or delay use of the exam voucher past my subscription's yearly deadline? Even just for the exam itself, separate from the rest of the subscription?

Just asking because currently it is very dificult for me to pay for another exam as I am a student .

Appreciate any insight from people who've been through this before. Thanks!

reddit.com
u/kim_pax — 2 days ago

CPTS DONE !!!!!

so as you guys know from my previous posts, a long journey came to an end... im going to take a biiiiig break and relax, will completely switch off my mind... just finished my 12th flag and done.

I was making report side by side... just need to add bits and bobs.. 7 days... This cert tests your mental fortitude and the physical.. once Inshallah when i have my passing result, i will do the feedback... for now good night folks.. tonight will be the first night i will sleep like a baby :D , I almost cried getting the 12th flag,, cause of the sentiments that i have towards this cert, this whole HackTheBox community and mission that I have to provide better for the family, to my kids so they do not have to face hte challenges that i faced.. but this is not the end by any means !!!...

I already have had CRTP and CRTO. A long journey ahead begins after few days of break. The goal is to be a senior red teamer, oh next stop porbably COAE, half way through the pathway. now I will focus on that full time.. Enjoy folks be safe where ever you are. Peace

reddit.com
u/nemesis740 — 3 days ago

Which certs or paths are good to start bug bounty hunting?

After doing CJCA, which cert is good to start bug bounty hunting; CWES or CPTS? Is one of them enough, or do I need to go for more like CWEE ?

reddit.com
u/Shot_Surprise_6726 — 2 days ago

CPTS

Hi everyone, I’m currently going through the HTB Academy Penetration Tester path.

The more I learn, the more I realize I keep forgetting earlier concepts, so I’m trying to improve how I revise and organize my notes.

Would anyone be willing to share useful cheatsheets, notes, mind maps, study structures, or revision resources that helped them retain the material better?

Thanks in advance, I really appreciate any guidance.

reddit.com
u/xcyx909 — 3 days ago

CRTP

Hi ...I recently purchased a 1 months CRTP lab access plus exam . BUT I am a beginner to AD, so as a beginner what are the HTB machines could be very useful in my preparation for CRTP.

Also some prep tips for my exam

reddit.com
u/iam_tyler_durden__ — 3 days ago

Cjca exam

Just finished my CJCA exam with only 2 flags, This was my first exam of this kind, and it was much harder than I expected. It really makes you think.

I pushed myself for four straight days with barely any sleep or proper rest, and I think that was my biggest mistake. I should have given my mind time to rest, switch off for a while, and process everything I was seeing and doing.

It was definitely fun, but also frustrating at times. It made me question almost every decision I made and made me second-guess myself.

I clearly need more practice before my next attempt. Any recommendations for Boxes, Sherlocks, or other labs that would help me improve ? any advice is welcome.

reddit.com
u/TITAN-VI — 3 days ago