Hack The Box – Playground for Ethical Hackers

CTF (Capture The Flag) events are becoming increasingly popular in the InfoSec world. Every week there are events where security enthusiasts meet to demonstrate their hacking skills.

And the places where hackers train for these events are the CTF labs: websites offering hundreds of challenges in categories such as web, pwn, steganography, cryptography, and so on.

Hack The Box is one of these labs. Not only does it offer challenges, but getting in is a challenge in itself: you have to hack the website to obtain an invitation.

To enter Hack The Box, you must have an Invite Code.

In this post I will not share how to get the Invite Code. Before you ask for a clue or search the internet, try your best on your own. If you cannot get through this challenge by yourself, you will struggle with the Hack The Box CTFs.

Once you get the invitation, you’ll find something like this:

Hack The Box is essentially divided into two parts: Machines and Challenges.

Machines

This is the most fun part of Hack The Box. You are given a list of machines, and your task is to pick one, exploit it, and obtain the user flag and the root flag. The user flag sits in the home directory of a low-privileged user and the root flag in the root user's home directory (user.txt and root.txt on most machines), so you need an initial foothold first and a privilege escalation afterwards. It's as simple as that.

Since these machines have private IP addresses, you need a VPN connection to the Hack The Box lab network. To set it up, go to Access, download the Connection Pack, and run the downloaded .ovpn file with OpenVPN (it needs root to create the tun interface):

$> sudo openvpn --config user.ovpn

Once the connection is established, go to Machines -> All -> Active Machines and pick the IP of the machine you want to attack. The rest is up to you.
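The connection step above as a small script, added here as an example rather than code from the original post or from Hack The Box. It reads the remote endpoint from the pack, locks the file down (the pack carries your private key, so treat it like a password), waits for the tunnel interface to get an address, and checks that the target answers before you start scanning. The file name, the interface name tun0, the log path and the HTB_OVPN/HTB_TARGET variables are assumptions, not anything the page or HTB specifies.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: helper for the VPN step.
# Assumptions (not stated on the page): the connection pack is saved as an
# .ovpn file in the current directory, the lab tunnel comes up as tun0, and
# the target IP is the one shown for the machine on the Machines page.

# Print the host:port the tunnel will connect to, read from the "remote"
# directive of the .ovpn file (OpenVPN's default port 1194 if none is given).
ovpn_remote() {
    awk '$1 == "remote" { print $2 ":" ($3 != "" ? $3 : 1194); exit }' "$1"
}

# Return 0 if the pack carries an inline private key. Connection packs
# normally embed the client certificate and key, which is why the file
# must be kept private.
ovpn_has_inline_key() {
    grep -q '^<key>' "$1"
}

# Start OpenVPN in the background and wait up to $2 seconds for tun0 to
# get an address. OpenVPN needs root to create the tun interface.
htb_connect() {
    cfg=$1
    timeout=${2:-30}
    chmod 600 "$cfg"
    echo "connecting to $(ovpn_remote "$cfg")"
    sudo openvpn --daemon --config "$cfg" --log /tmp/htb-vpn.log
    i=0
    while [ "$i" -lt "$timeout" ]; do
        if ip -4 -o addr show dev tun0 2>/dev/null | grep -q ' inet '; then
            echo "tunnel up: $(ip -4 -o addr show dev tun0 | awk '{ print $4 }')"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    echo "tun0 did not come up within ${timeout}s; see /tmp/htb-vpn.log" >&2
    return 1
}

# Confirm the target answers before blaming your tools for an empty scan.
htb_check_target() {
    if ping -c 1 -W 2 "$1" > /dev/null 2>&1; then
        echo "$1 is reachable"
        return 0
    fi
    echo "$1 is not reachable: is the machine active and the VPN up?" >&2
    return 1
}

# Usage: HTB_OVPN=user.ovpn HTB_TARGET=<machine IP> bash htb-vpn.sh
if [ -n "${HTB_OVPN:-}" ]; then
    htb_connect "$HTB_OVPN" 30 && htb_check_target "${HTB_TARGET:?set HTB_TARGET}"
fi
```

A failed ping is a hint, not a verdict: some targets (Windows machines in particular) drop ICMP, so if the tunnel is up but the ping fails, try a scan that skips host discovery (for example nmap -Pn) before assuming the machine is down.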

Challenges

Challenges are usually simpler and quicker to solve than machines, and you don't need the VPN to work on one, so I think they are a good place to start. There are currently 9 types of challenges:

  • Reversing: reverse engineering. You disassemble or decompile an executable to understand what it does; you recover its logic, not its original source code.
  • Crypto: cryptography. These challenges test your ability to break weak or misused encryption.
  • Stego: steganography. Messages are hidden inside texts, images, audio files, etc., so that they go unnoticed; you have to find and extract them.
  • Pwn: binary exploitation. To get the flag, you must compromise the security of whatever you are given and take control of it.
  • Web: web hacking challenges. SQL injection, XSS, and much more.
  • Misc: a bit of everything. You never know what you will find.
  • Forensics: you will have to use computer forensic techniques to recover the flag from the files you are given.
  • Mobile: hacking of mobile applications.
  • OSINT: open source intelligence. You have to gather information from publicly available sources, such as social media, company websites, and news articles.

Every challenge ends with finding a flag, which always has the format HTB{s0m3_t3xt}.

With this post you have everything you need to get started with Hack The Box. In subsequent posts I will explain different techniques that can be used to solve challenges and machines.
