We Are Random [WAR]

HackTheBox.eu - A great free playground (14/10/2017)

HackTheBox.eu is a VPN-accessible lab of vulnerable virtual machines for practicing your hacking skills.

The way to register is to hack the invite service to get your own code. There’s no other way to get in.

WE’RE NOT HELPING ANYONE TO GET AN INVITE CODE.

Once you’re registered, you can download the .ovpn file to connect via OpenVPN. Once connected, you’ll be able to reach the 10.10.10.0 subnet, where the vulnerable machines are running.

There are always 2 targets on every machine: the user (a file called user.txt on the user’s desktop) and the system (the file root.txt at /root/root.txt or on the Windows Admin’s desktop). When you get either of those files, you can submit it on the Machines page to verify the flag and score your Pwns.

They also offer a VIP service for £10.00 GBP a month or £100.00 GBP for a one-year subscription. The VIP service offers more bandwidth, machines hosted on more powerful hardware and access to Retired Machines.

After some time as Active, a machine becomes Retired, making room for a new Active machine to be released. The 20 Active Machines are the ones that count toward the scoreboard, and the Retired ones (15 right now) are for fun and learning purposes.

Spoilers about Active Machines aren’t allowed, but you can submit your own writeup of Retired Machines, and you can upload a machine to VulnHub if you’re its creator (or you have the creator’s permission).

The machines come from the users. You can build and submit your own vulnerable virtual machine, and it can become an Active Machine after being reviewed.

The scoreboard depends on the number of Users hacked, the number of Systems hacked, First Bloods (being the first to submit the flag after a release) and Challenges.

The Challenges aren’t virtual machines. They fall into the following categories: Crypto, Stego, Pwn, Web, Misc and Forensics. From cracking a zip file to reversing a binary, they offer many hours of fun and a lot of new things to learn.

Reaching higher scores raises your account status to a new level, depending on your progress in solving the Active Machines and Challenges. You start as a Noob at 0% and don’t reach Script Kiddie until you have solved 5%. At 20% you get the Hacker status, and Pro Hacker at 45%. Becoming an Elite Hacker at 70% is a good target, because after this you can submit your CV to some Job Offerings. The higher your level, the more job offerings you can apply to. Over 90% you become a Guru of HackTheBox, which is a pretty cool title.

All the Active Machines are available to every kind of subscriber (Free or VIP) and every level (Noob, Script Kiddie, Hacker, Pro Hacker, Elite Hacker or Guru).

One bad point is that you’re hacking alongside other hackers, and their work can interfere with yours. You may find the /root/root.txt file deleted, but there is a button on the web to restart the machines, and it’s easy to retrace the same path to the file. The hard part is finding that path.

Another frustrating point can be losing connectivity because someone issued a reset on the web. There is an alert and a delay during which you can cancel the reset, but you can get abruptly cut off if the machine gets reset and you weren’t paying attention. As before, it’s easy to reach the same point and continue. You may even benefit from that reset, because you hadn’t spotted a dead service or someone had made a mess of the database.

To meet new friends and get some help when you’re stuck, there is a Shoutbox that also works in the HTB-CLI terminal, and they have set up a Slack community with hundreds of hackers in it. The invitation to the Slack group is in the left navbar under the Forum link.

After solving some machines and challenges, you unlock the option to create or manage your own team, earning points as a group and challenging other teams.

It’s highly recommended for everyone, newbies and hackers alike. Try the invite service challenge to get in. It’s fun!

Be polite, say hello if you reach the crew, and happy hacking!

Tags: [HackTheBox, challenges, hacking, pen-testing labs, playground, training, virtual machines]