Introduction
Hack The Box is an online platform to test and advance your skills in penetration testing and cybersecurity. The platform consists of virtual machines and challenges with varying difficulties.
Getting Access
So you are probably wondering why this section is called “Getting Access” and not something like “Signing Up”. That is because Hack The Box isn’t like any other site. To gain access to signing up for an account you are going to need to hack your way in.
Now there are probably spoilers online that will tell you how to get access but you won’t find that here. Hack The Box is about learning and you won’t learn a thing if you don’t try to pass this stage on your own. Personally, if you can’t figure this part out then there is no point trying to hack one of the machines or complete one of the challenges. It will just be too overwhelming. This is a good place to start with gaining new knowledge and once you gain access it will not only feel amazing that you accomplished it on your own but you will also feel ready for what’s to come.
Home Page
When you go to the website you will be presented with the front page. The site is visually appealing with some pretty nifty effects. Overall it has a really nice look and feel to it. The Individuals page has some more information about the site and it shows a comparison in features between a free account and a VIP account. If you are a complete newbie who is serious about having a career in cybersecurity then VIP may well be worth your while. For what is provided the price is actually pretty cheap when you consider the cost of some certifications and online courses that have very limited or non-existent practical elements.
If you scroll down on the front page you will see a YouTube video that you may be interested in watching as well as a Join link that will take you to the invite page.
You will also notice further down that Hack The Box provides dedicated labs for both companies and universities. This site doesn’t mess around. They provide some pretty exceptional services for cybersecurity education.
Invite Code
Once at the invite page you are presented with a simple form:
From here you will “hack” your way through registering for an account.
If you have some background in web app penetration testing or just web development in general then you will find this quite easy. If you are completely new to this kind of thing then I suggest you have a read about developer tools in your browser of choice: Firefox or Chrome. So that’s it! No spoilers from me… Go have a crack and have a lot of fun ;)
Dashboard
So you’re in! You have that ultimate feeling of accomplishment. Congratulations, you are now a member of Hack The Box… Yew!
The first thing you are greeted with is the HTB Dashboard:
Beautiful, isn’t it! It may seem a little overwhelming right now but you will feel at home in no time. Here you will see how many machines are on HTB as well as other details such as how many members are online, the number of connections and other interesting statistics. This page also shows Lab Service Status so you can check that everything is well on a service you may be trying to connect to.
You will find a top menu and a left side menu. First thing you should do is to go to the Others section in the left side menu and take a look at the Rules. This information is very important and shouldn’t be taken lightly. Pay close attention to rule number 2 which states:
The HTB Network is 10.10.10.0/24 (10.10.10.1-10.10.10.254). Limit all your curiosity in this specific subnet.
I have actually seen people get confused and follow a domain name to a server on the internet which they thought they were meant to hack. This will get you legal attention very quickly so ensure that you are within the HTB network at all times.
The rest of the sections are self-explanatory but we will go into a few important ones to get you on your way. Let’s take a closer look at the Access, Machines and Challenges sections.
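As an added example (not from Hack The Box or the original post), here is a small scope guard in the spirit of rule 2: a target is accepted only if every address it resolves to is a host address inside 10.10.10.0/24. The hostnames and the `CONSTRUCTED_DNS` table are made up for the demonstration, and `in_scope`, `system_resolve` and `check_target` are names chosen here.

```python
import ipaddress
import socket

# Lab range quoted in rule 2 above.
HTB_NETWORK = ipaddress.ip_network("10.10.10.0/24")

# Constructed sample data standing in for DNS answers (not real HTB hosts).
CONSTRUCTED_DNS = {
    "box.lab.example": ["10.10.10.5"],
    "portal.example.com": ["203.0.113.10"],          # public address: out of scope
    "mixed.example.net": ["10.10.10.7", "198.51.100.4"],
}


def in_scope(address, network=HTB_NETWORK):
    """True only for a usable host address (.1-.254) inside the lab subnet."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    edges = (network.network_address, network.broadcast_address)
    return ip in network and ip not in edges


def system_resolve(hostname):
    """Resolve with the system resolver; returns a sorted list of addresses."""
    return sorted({info[4][0] for info in socket.getaddrinfo(hostname, None)})


def check_target(target, resolver=system_resolve):
    """Return (allowed, addresses); every resolved address must be in scope."""
    try:
        ipaddress.ip_address(target)
        addresses = [target]          # already an IP literal, no lookup needed
    except ValueError:
        try:
            addresses = list(resolver(target))
        except OSError:               # includes socket.gaierror
            addresses = []
    allowed = bool(addresses) and all(in_scope(a) for a in addresses)
    return allowed, addresses


if __name__ == "__main__":
    lookup = lambda name: CONSTRUCTED_DNS.get(name, [])
    for target in ["10.10.10.5", "10.10.11.5", *CONSTRUCTED_DNS]:
        allowed, addresses = check_target(target, lookup)
        print(f"{target:20} {'OK' if allowed else 'OUT OF SCOPE'} {addresses}")
```

A hostname that resolves to even one address outside the subnet is rejected, which covers the case described above where a domain name leads to a server on the internet.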
Access Section
In this area HTB lets you know that Windows is not a good choice as your attacker machine and that you should choose a suitable Linux distro or toolkit. You will also find your connection pack which is an OpenVPN config file that you will use to connect to the HTB VPN:
There are also details on Tickets and your HTB Lab Access Details and if you have any issues getting connected you can try doing the quick suggestions mentioned under Having Issues? where there is also a link to contact support.
Machines Section
In the machines section you will find a list of Active Machines and Retired Machines. You will only have access to Retired machines if you are a VIP Member:
Machines List
There are a few columns here but we will only go through what isn’t overly self-explanatory.
The Name column shows the name of the machine and its official difficulty rating. The coloured bar on the left indicates the difficulty. The different ratings are Easy (Green), Medium (Orange), Hard (Red) and Insane (Grey).
The Owns column shows the owned user and root counts. They will become coloured when you submit a correct flag.
The Expiry column shows you how much time until a machine expires and is powered down.
The Actions column is where you can control the machine. Here you can transfer the machine ownership over to yourself. Once you have ownership you can Start or Stop a machine, extend the expiry time, reset the machine to its default settings or submit a flag. You can have one machine running at a time and you are able to change machines at any time.
To-Do List
This next feature I find very handy. In the Actions column you can add a machine to your To-Do list by selecting the love heart button. You can then select the To-Do menu item to view your list or filter them with the Filters tool.
Filters
You can make life easier on yourself and filter the boxes. You can find the filter options to the far right above the Actions column. There are many options like sort by and a bunch of tick boxes to show or hide machines in regards to the Status, Difficulty and Operating System type of the machine.
Machine Page
The machine page gives you more detailed information and statistics about the machine such as Status Check and the machine Info Card. You can also control the machine and submit flags from this page too:
Challenges Section
This section contains Challenges that you can complete. They are not full virtual machines for you to hack but there are many tasks for you to do that involve downloading zip files containing files related to a challenge or webapp containers where you are to find vulnerabilities to capture the flag.
Challenges are put into categories. These categories include:
- Reversing
- Crypto
- Stego
- Pwn
- Web
- Misc
- Forensics
- Mobile
- OSINT
Submissions
In both the Machines and Challenges menus you will find a New Submission link where you can submit your own machines and challenges to HTB if that is something you are into!