← Back to Home

The Moment I Realized I Was Memorizing Instead of Learning

February 24, 2026
htbprogressLearningoffensive-security

This article is about what I learned failing an "Easy" HackTheBox machine. It is a self-reflection about how I fixed my way of thinking when approaching problems.

The Expectation vs. Reality

It’s a real slap in the face when you’ve done a few easy retired HackTheBox machines with walkthroughs, then you think you’re ready to hit an active machine without any walkthroughs, and you just get destroyed. You boot up the attack box expecting an easy one hour win. Three hours later you are staring at a terminal, stuck with no clear next step, wondering if you are fundamentally unqualified to even continue in this field.

The Walkthrough Trap

That’s exactly where I found myself last night. I booted up the attack box, loaded the WingData machine, expecting a quick win. It started off great: a fast enumeration, an RCE discovery, a reverse shell, and I had the user flag. I was just executing a checklist I memorized from retired machine and walkthroughs, and that was the problem exactly. Then came the privilege escalation, and the checklist began to fall apart. I found a python script the user wacky could run as root via sudo without a password. Relying entirely on memory from old walkthroughs, I immediately tried to open it in nano (unfortunately vim wasn’t installed) to inject a reverse shell payload. The terminal gave a permission denied error, I didn’t have permissions to edit the script. This was a perfect example of memorizing and not understanding.

Out of Memorized Steps

My checklist ran out, so I turned to actually reading the source code. The script’s logic was simple, it took a tar archive from an input directory and extracted it into a set location. I knew something had to be done with the extraction, but I just didn’t know what. I tried to think about it for a good chunk of time, I tried asking AI, which just led me down rabbit holes. I was stuck at this point, basically running out of memorized steps. So I found a writeup, that didn’t give me enough to actually solve it (because it’s still an active machine), but enough to make me feel dumb for not know the answer. I tried to work with AI and the writeup to figure out what to do, but I kept hitting a wall. Eventually I just turned off the machine with 50% complete.

The Mindset Pivot

I found myself wondering how people just know these niche attacks. I thought there was something wrong with me for not knowing the answer immediately. But the more I thought about it, the more I realized I’ll never know every single niche software or vulnerability, neither does anyone else. The people rooting these boxes don’t have a hacking wiki in their heads. They understand the underlying architecture, they research the software, and they have a methodology. While I was trying to bypass a security mechanism I hadn’t even bothered to understand. That is a worse failure than simply not solving the box. So today, I woke up and decided to wipe the slate clean. I relaunched WingData, but this time I stopped to understand every step and why I did it. I started looking at the architecture, what exactly is this script doing, and why does this specific attack break it?

Beyond the Walkthrough

This post wasn’t meant to be a step-by-step guide to rooting WingData. It is a lesson I learned while reading someone else’s step-by-step guide and failing. The most important lesson wasn’t how to bypass a security measure in Python’s tarfile module. The lesson is that just throwing payloads, commands, and tools at a problem will leave you lost and unprepared. The key is understanding what you are doing and have a methodology when approaching any system. That’s what I’m working on improving now. I’m not saying following a guide is bad. But doing so without understanding why every step was taken is completely useless.