As you may have heard me talk about before, I am a strong advocate of using labs and CTF platforms for learning to hack and learning the skills involved in performing pentests from day to day.
I believe they’re a great way to learn new skills, practice and validate your enumeration and attacking practices, as well as get exposure to new and fun technologies that you may not have exposure to legally by other means.
For a long time, I have used sites like https://www.vulnhub.com/ in order to practice; however, this has often required me to download a large VM (usually 2-3GB+), install it in my hypervisor, and hope it works. Then, assuming I had the power to run a VM, I’d be able to hack it, find the flag and feel the buzz of breaking into a box and seeing that root.txt, sexy hash.
There is nothing wrong with this method, I think it’s a great resource for people. However, somewhat recently I have come across this new platform called HackTheBox, and I was super impressed with what I found.
You create an account (which you can only obtain by hacking the site), and then you download a VPN profile (which is free), and then you connect to the VPN and can hack a large array of boxes, get the flags, and input them into the platform. It shows up on your profile and you get a title: “Script Kiddie, Hacker” etc.
What is really nice about this is that you can compete with other people, as well as work together with other people on boxes. It gives you a chance to test your skills against boxes running Windows, Linux, BSD and even Solaris. Boxes vary a lot, from web servers to switches to old retro machines.
Some of the boxes can be really challenging as well, such as Nightmare, which made some waves on Twitter after its release.
Overall, it’s a really cool platform: boxes are turned over and released very often, and it is all done really well. I appreciated the platform so much that I got myself a VIP subscription, because I really believe in supporting people like HackTheBox who allow people to get their fix of hacking legally and in a productive way. VIP also gives you access to practically untouched boxes, so they’re super fast; it’s like hitting a box in your local network.
The free labs can be slow occasionally, but you can obtain a VIP subscription; it’s really a no-brainer for what you get out of it, including the potential to improve your skills and do better in your day-to-day profession.
0x00sec + HackTheBox Partnership
Today, we are proud to say that 0x00sec is now in partnership with HackTheBox. What this means for the community is that we will have the ability to provide VIP subscriptions free of charge to winners of future 0x00sec CTFs, as well as those who show a real desire to lead the community and regularly contribute, but just don’t have the means to stretch to VIP.
We hope to start more regular HackTheBox sessions, where we can collaborate and work and learn on boxes together as a community.
This might involve things such as retired-boxes writeups and internal-community competitions to root new boxes.
In order to support HackTheBox and our partnership, if you haven’t done so already, we strongly recommend that you not only go and make an account at HTB but you also get a VIP subscription. There are really no platforms like this around, and it costs money to host boxes across the world in order to provide a good CTF platform for hobbyists and professionals alike.
If you want to support the 0x00sec community, and invest in yourself and your skills at the same time, create an account at HackTheBox and get yourself a VIP subscription. I already have one as do many other 0x00sec members. We even have a #htb channel in the IRC!
Tell me in the comments, what do you think about HackTheBox? What are your favorite boxes? How long have you been using HTB?