What is HACKTHEBOX?
Hackthebox – or HTB – calls itself a “massive hacking playground” and that is exactly what it is – besides also being a great place to learn all about hacking and infosec. In short, they offer anyone the possibility of learning hacking skills without breaking any laws. To do that, HTB offers a wide range of virtual machines and even whole networks that anyone is allowed to attack/break into.
To proof that one has completed a challenge/machine, each of them contains one or more flags (machines contain a user and a root flag). Flags are just long, random strings of characters that HTB knows. To proof successful compromise of a machine or challenge, one needs to submit the corresponding flag.
They also offer competitive hacking games, CTF challenges and an interactive academy. There’s a lot to learn, so let’s get started!
How to register
Registration with HTB is free (although there’s a paid subscription as well that we’ll discuss later). Simply head on over to https://hackthebox.eu and fill in the form. Verify your email address and you’re good to go.
Do note that the same account can be used on both HTB and HTB Academy.
Getting started
There’s several ways to get started. Which one is for you highly depends on who you are, what you know and what type of learner you are.
We’ll discuss two ways. The first approach is the “dive right in” way of doing things, the other one is the “academy” one.
But first, let’s talk about connecting to HTB in the first place.
Connecting
HTB uses OpenVPN to allow users to access machines in their network. They also added the web-based Pwnbox (Parrot), but that is very limited for free subscribers and even paid subscribers only get 24 hours of Pwnbox per month. The following is limited to using OpenVPN.
In order to connect to HTB, simply download your personal .ovpn ticket. To do that, login to the platform and click “CONNECT TO HTB” in the top right corner. Select what you want to access (e.g. Machines) and how to connect (OpenVPN in this case). You are now able to select your access and server (choose the option nearest to your location) and click the download button. Save the file to your attack VM and connect to the network with
sudo openvpn /path/to/your/.ovpn/ticket
You should see a line like this:
2021-06-25 09:13:18 Initialization Sequence Completed
That means that you are now connected to the HTB VPN and able to access machines.
Warning! Always make sure that you are really connected to HTB before running any attack tools!
Diving right in
If you already know your way around Linux, the command prompt and your favorite hacking distribution (i.e. Kali, Parrot, BlackArch, you name it), nothing is stopping you from diving right in, picking a machine and hacking it. Really, go ahead, join one of the free machines and dip your toes.
You may find that hacking a live machine without prior knowledge is way harder than you think, though. This happened to me. I was excited, fired up my Parrot VM and…got nowhere. It took me days and a lot of help from the community to root my first machine (which was “Forest”) as I had no idea how to start, what tools to use (besides nmap) and so on.
Over time HTB got even more beginner friendly and they introduced what is now called the “Starting Point”: very easy machines that come with walkthroughs. I suggest you take a look at those if you are new to the platform and/or hacking in general.
From the menu on the left select “Labs” and then “Starting Point”. A list of machines should appear. Choose one and either click its image on the left or the arrow on the right side to see the machine’s details.
On the details page, locate “Join Machine” (left side) and click it. You’ll be presented with the machine’s IP address. Now either follow the walkthrough or try it yourself. Go ahead, your first flag is not far away! When you get it, make sure to submit it (button is near “Join Machine”).
Academy
Maybe you’re new to the whole thing or maybe you don’t like diving right in. Then the academic way maybe for you. HTB offers a learning path, called “Academy”. You can find it in the main menu on the left side of the page (below “Labs”). The Academy calls itself a “University for Hackers” and offers a wide range of learning paths and modules. There’s free access available, but also a paid model.
HTB Academy is organized in Modules and Paths. Modules will teach students about a specific topic, for example “Stack-Based Buffer Overflows on Linux x86” or “Intro to Assembly Language” and contain interactive sections as well as questions that have to be answered in order to complete the module. Learning paths are collections that group together modules for a specific topic such as “Active Directory Enumeration”.
To enroll in a path or module, students need to spend “cubes”, a currency that HTB academy uses and can be purchased. Modules reward students with cubes upon completion, making some modules essentially free (as they reward the same amount they cost to enroll in).
While students get free cubes when enrolling, a paid subscription is needed in order to enroll in the higher-tiered modules and paths. HTB Academy has three different subscription models:
- “Silver” ($18/month, 4x Tier I modules or 2x Tier II modules plus 200 cubes/month)
- “Gold” ($38/month, 10x Tier I modules or 1x TIER III module plus 500 cubes/month)
- “Platinum” ($68/month, 10x Tier II modules or 1x Tier IV modules plus 1000 cubes/month).
Cubes can also be purchased with one-off payments. Details can be found here.
There’s more
In order to keep this text rather short, a lot of HTB content was omitted. For example:
- Tracks
- Endgames
- Challenges
- Battlegrounds
There’s so much to do on this platform that this text can barely scratch the surface. As a member of HTB I suggest to simply register and take a look around. It’s free after all (some parts are paid subscription only content, though). If you get stuck, there’s the help center (https://help.hackthebox.eu/en/) and the community. That reminds me…
How to get help
The best way to get help is the excellent HTB community. There’s both a forum (https://forum.hackthebox.eu) and a discord (https://discord.com/invite/hackthebox). Both communities are really helpful with lots of people willing and able to help. English is a must.
Please be aware that you should never spoil the game for others. If you read through the forum and/or the discord, you’ll soon get a feeling for how to ask questions and how to hint without giving away too much.
The usual way to get help is to state what you need help with (be specific, but don’t spoil) and ask for someone to DM you (applies to both the forum and the discord). Most users will ask you what you’ve tried so far, so make sure you’re prepared to answer that question. From that point on your experience depends on the person helping you and how you get along. I have never experienced anything negative in over a year of membership. Be polite and you’ll get there. You might even find yourself talking to HTB members outside of hacking HTB boxes and maybe make some friends.
If you are stuck with a machine and need a nudge, check the corresponding forum thread. A lot of people post nudges there (some are extremely cryptic, some a bit obfuscated and some are close to spoilers). That could get you on the right track.
One resource I highly recommend for HTB players is https://ippsec.rocks. Ippsec publishes video walktroughs for all HTB machines after retirement. It’s definitively worth checking out, even for non-HTB members.
Do I need a premium membership?
HTB offers both free and paid memberships. This section will discuss whether you need a paid subscription or will be fine with the free one. For HTB Academy the answer is quite clear: if you want to complete all the modules, you will need to pay.
Of course a paid membership allows you wider access and better quality of service. A huge plus of the paid membership is access to retired machines. On HTB, each and every machine and challenge will retire after a while. Free members can’t access retired machines (well, they can access a very small amount) and challenges, but paid subscribers can.
Paid members also get more exclusive access via isolated VPN Servers (less traffic that the free ones, less connection losses, although the current free servers seem very stable). If other people trying to root the same box as you bothers you (in rare occasions other people can interfere with your attempts), consider a paid subscription.
So – do you need a paid subscription? That highly depends on you. Accessing the vast amount of retired machines (more than 190 at the time of writing this) is nice, as the pool of freely accessible machines contains only a few of each difficulty level and the harder ones might be frustrating. To dip your toes and have some fun, you don’t need it, though. Some more advanced labs are only accessible for paying members. Of course, if you can afford it, a paid subscription helps the platform continue their work, so you might want to consider it anyway.
Concerning Writeups
Writeups to hacking challenges are great and bad at the same time. If you get really, really stuck and frustrated, a writeup can nudge you in the right direction. But knowing that there is a writeup for the machine you are currently playing can lead to yourself spoiling the game for you and weaken the learning experience at the same time.
HTB is quite strict regarding writeups for machines that are not yet retired. The general idea is that there should be no writeup for any machine that is actively played on HTB. But with a bit of Google-Fu, a writeup can be found for every machine out there.
Of course it’s up to every player themselves whether they want to use such resources or not. I recommend to avoid them if possible. If there’s a problem you cannot solve on your own, ask someone to mentor you (lots of people are willing and able). If that’s not what you want to do, get on the internet (or go to a library) and learn about the topic that baffles you. If that fails, ask for a nudge (of course you can do it the other way around). Should that fail as well and you find a writeup – go ahead, find the next step and beat the frustration. But do yourself a favor and close it right afterwards. Rinse and repeat. And most important of all: Have fun hacking!
Parts of the text written by @kedislav (HTB Academy details), you can find him on social media.
Image credit: Sebastiaan Stam via Pexels
steps0x29a 