Week 2: Smooth Week Not Found — But I Still Hacked My First Box


What This Week Was About?
This week, I made solid progress in my cybersecurity course and tackled an easy Hack The Box challenge using the concepts I’ve learned so far. What made this experience even more exciting was how I used ChatGPT to overcome roadblocks during the challenge. This marks one of the first real instances where AI directly contributed to my workflow—highlighting how AI is not just a goal of this project, but an active part of the journey in building a smarter, security-focused AI.
Along the way, I ran into multiple challenges—some taking almost an entire day to solve. But that’s part of the learning process. And again, when I was truly stuck, ChatGPT played a key role in helping me move forward. These experiences remind me why this project matters: to explore how AI can meaningfully assist in real-world cybersecurity—and, eventually, to build something that contributes to a safer digital future.
This Week’s Goals:
Showed progress in my enrolled course (~200 course minutes).
Learned the basics of system pentesting, pentesting with ChatGPT, and creating backdoors.
Hacked HTB machine named “Cap”.
What I learned so far:
How to downgrade HTTPS with HSTS—HTTPS downgrades to HTTP, which means packets are not encrypted and usernames and passwords can be captured rather easily, but the drawback is that many sites know about this and take measures to prevent HSTS.
How to use Nmap to find open ports—as such we can launch attacks based on what ports are open.
The difference between telnet and SSH—SSH is much more secure and is the standard for most server communication today.
Privilege escalation—using linpeas, a tool hackers use to find system vulnerabilities that can help gain root access. I used this to find the second flag in the “Cap” HTB machine.
Using msfvenom to generate backdoors — while testing, I had to disable Windows Defender on my VM because standard Meterpreter payloads are easily flagged.
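The measures sites take against the HTTPS downgrade in the first item above are delivered in the Strict-Transport-Security response header. As an added example (not from the course or the original post), this Python code parses that header following RFC 6797 and reports why a given response would still leave visitors open to a downgrade; the names parse_hsts, assess and PRELOAD_MIN_AGE are made up for this illustration.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org asks for

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1)."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()      # directive names are case-insensitive
        arg = arg.strip().strip('"')     # values may be quoted-strings
        if name in directives:           # each directive may appear only once
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = arg
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        raise ValueError("max-age missing or not a non-negative integer")
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }

def assess(scheme, headers):
    """Return downgrade-related findings for one response (scheme + header dict)."""
    value = next((v for k, v in headers.items()
                  if k.lower() == "strict-transport-security"), None)
    if value is None:
        return ["no HSTS: this response sets no HTTPS-only policy"]
    if scheme != "https":
        return ["HSTS sent over http: browsers ignore it"]
    try:
        policy = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid HSTS header ({exc}): browsers ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 removes any stored policy")
    elif policy["max_age"] < PRELOAD_MIN_AGE:
        findings.append("max-age under one year: short protection window")
    if not policy["include_subdomains"]:
        findings.append("subdomains not covered")
    if not (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= PRELOAD_MIN_AGE):
        findings.append("not preload-eligible: first visit is unprotected")
    return findings
```

An empty list from assess means the response carries a policy that also qualifies for browser preload lists, which is what closes the first-visit gap.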
Challenges I Faced
I was unable to spoof my target Windows machine using Bettercap, even though spoofing worked using dsniff. What made it more confusing was that Bettercap had worked perfectly the previous day.
I couldn’t use the latest hstshijack caplet in Bettercap.
My Kali VM and the Metasploitable VM were on different subnets and couldn’t ping each other.
I couldn’t connect to the Hack The Box (HTB) VPN server for the target machine I was trying to hack.
I had trouble installing FatRat (a tool used to generate backdoors).
How I Solved Them
Since spoofing worked with dsniff but not Bettercap, I figured the issue had to be with Bettercap itself. I checked the version and realized it was outdated and dependent on an old Ruby version that no longer matched my system. I uninstalled it and installed the latest version of Bettercap, which is written in Go and doesn’t require Ruby. After that, spoofing worked as expected.
The problem with the hstshijack caplet was that it was stored in a different location, and Bettercap was still looking for the original folder — which I had deleted. I also had to update the file paths to the payloads in the caplet script, since they were different from what the caplet expected. Once I fixed the paths and restored the folder structure, it worked.
To fix the subnet issue between my Kali and Metasploitable VMs, I switched both of their network adapters to “Bridged” mode. That put them on the same network and allowed them to communicate.
The VPN connection issue was due to an already running VPN session. Kali can’t host more than one VPN connection at a time, so I had to kill the existing VPN process before starting a new one. That resolved the issue.
As for FatRat, MinGW wasn’t being detected properly during installation. I had to try multiple times before it finally worked. I’m still unsure why it failed initially, so if anyone reading this knows the actual cause, feel free to drop a comment.
Next Week’s Goals:
Explore and use FatRat to generate backdoors.
Learn basics of Social Engineering.
Learn the basics of Social Media Security.
Start website hacking by exploring and using BeEF.
Wrapping Up:
This week pushed me outside my comfort zone, but I guess that’s where the learning happens—from fixing networking issues to capturing a screenshot on my victim machine, every problem became a stepping stone. What impressed me the most is how AI played a prominent role in helping me solve issues when I got truly stuck. The power that AI holds in this modern age is something that I want to use to make an impact globally, especially by making the digital world secure. I’m excited to keep the momentum going, and if you are following along, feel free to share your thoughts, tips, or questions in the comments.
Until next week — stay curious, stay secure.
Disclaimer:
This blog documents my personal journey in learning ethical hacking and cybersecurity with the intent to build responsible AI tools for penetration testing and system defense.
All experiments are conducted in isolated lab environments on virtual machines I own or control. This project is strictly for educational and ethical purposes.
I do not condone or promote any form of unauthorized or illegal access to systems.
Written by Aditya Soni
