Career Path, Labs: Penetration Tester
Challenges: Penetration Tester, Forensics, Malware
Until now I never realized that hackthebox also offers free accounts, so I decided to test it and write a short post.
After a challenge here you can create your login. With the connection pack for openvpn it is possible to connect to the labs with a Kali machine (or any other Linux I guess), easy.
With the free account you can solve challenges and active machines.
For owning systems and users there are flags that are stored in files on the machines, for example:
The labs remind me about the OSCP labs, and lots of people are using them for training before the OSCP certification (which might be a good idea, though I did not) or to get an impression about the labs and the exam.
For more information and getting an impression about owning boxes look here, lot’s of walkthoughs for retired boxes.
At the time of this writing 20 machines were online, with different OS versions (Linux, Windows, BSD) and different scenarios. I had a closer look at some boxes and solved one so far in a couple of hours.
The lab looks really fun, and I would recommend it for everyone who wants to train and learn hacking.
The challenges also look quite good, i had a look but honestly, I am much more into owning. Here are the categories for the challenges:
For solving for example the Stego challenges, you download a file with a hidden message and have to find it. I was surprised that there are also some Forensics challenges, I will defilnetly have a look into those too.
This is definetly a great playground for everyone who is into solving challenges and pwn boxes. I am not sure if hackthebox is good for total beginners, there are no big explanations or tutorials for the machines or what is to do. There are the official forums with hints and some websites offering more in depth explanations, although the rules say that this should not be done, and somehow as an OSCP taker (“Try harder”) this feels like cheating. With the VIP membership you also have the retired machines with walkthroughs.
For your career hands-on and solving challenges is a very important part, so I recommend: sign up.