Ever wondered how the future of our gamified paradigm towards learning information security will look like?
Ever had a competitive itch to play against a rival team of players, engaging in a fierce battle over defending and attacking vulnerable virtual machines?
Ever wanted to test your skills, compare them against the best of the industry and target your weak points to bring yourself to the next level?
We have the answer to these questions. Battlegrounds is a real-time game of strategy and hacking, where two teams of 4 people each battle for supremacy over the environment. The first truly multiplayer experienced brought to you by Hack The Box.
The only thing you will need to prepare is a virtual machine with Parrot Security OS deployed on it, from where you will download your Battlegrounds OpenVPN pack.
To play, navigate to the Battlegrounds page, and you'll be met with the lobby screen.
Fight on the Battlegrounds by clicking the button below:
The lobby screen contains all the pre-game controls, settings, chat lobbies, and game-mode selections. From this screen, you can organize your team, add them to the lobby with you and start your game with the preferred game mode.
At the bottom right, you have your team line-up. To team up with different players, you will need to have Followed them on the platform. To do so, click a chat member's name and click the Follow user option.
You will be met with a confirmation popup at the top right of your screen.
You can also do so with any platform member as long as you visit their profile page and click the Follow button.
Once both of you have followed each other, you can form a team.
If you're already a part of an older team, you will need to leave it manually to be allowed to invite a friend and form a new team. To do so, navigate to the Party Settings submenu and click on the Leave Party button.
Now, you can proceed with adding your friends. Click the right-most button on the Battlegrounds Party line-up, and you should see all of your Followed friends there.
If, after the game, you decide that you don't want to be friends with them anymore, you can always kick them from the party by clicking on their profile picture in the Battlegrounds Party line-up. Just like in real life.
We embellish the experience of our members with realistic scenarios.
If you end up having no online friends to play with, fear not.
Even if your team is partially full or if you're the only one online, you can proceed with playing, as our Matchmaking System will take care of the rest. Matching with a partially empty team will assign you and other players looking to team up together on a first-come, first-served basis.
The right side of the page also contains detailed information about the two game modes. Click one of their tabs at the top or on their respective How to Play buttons to see the rules that apply to that specific mode.
It's always a good idea to read this if you're a first-timer in Battlegrounds before you jump in.
Cyber Mayhem is an Attack / Defense style game where two sets of Boxes are spawned, each belonging to a team. Each team is given root access to their own set of Boxes and is tasked to secure them while trying to attack the opposing team’s Boxes.
What are your Objectives, you ask?
Form or join a team and start the game
Download VPN keys to get access to the Boxes your team has been tasked to attack
Work with your team to come up with a strategy for defending and attacking
See the progress of the match on the battle page
Οwn Boxes’ user and system accounts tο win!
First, invite all your friends to one single team. Once your team is ready to deploy, click on the Play Battlegrounds button and then Find Match. Further settings for this section will be available once we bring out more features like region selection, solo gameplay, and Server Siege.
You will be then placed in a queue. Your team will be matched with other teams looking to play Cyber Mayhem at that time. If you wish to cancel the Matchmaking sequence, click on the Cancel Match button, which will stop the sequence and allow you to further organize with your team.
Once a match has been found, a message will pop up, displaying the readiness status of the users on both teams. Each user will have to click on the Accept button within 60 seconds to "ready up" and proceed with the game.
From this point on, if all users have Accepted, the teams are locked in, and the game starts loading.
Once on the loading screen, you can still chat with your team and the opposite team. You can take this moment to make sure everything you need is set up and download the .ovpn pack from the prompt.
The status at the bottom will display the progress of the game during start-up. Once the bar is filled, the teams are dropped into the game with the 8 Boxes ready and running.
Once in, the game announcer will let you know that the flags have been planted on both your and the rival team's Boxes. You can immediately start discussing with your team to form a plan of attack.
Your team status is displayed at the top left, along with the Match Settings button. Here you can see how many points your team accumulates during the match and, by hovering over each of the members' profile pictures, the traffic generated by each team member.
The other team is also at the top, on the right side. In the middle, you can spot the match timer. Once this timer reaches 00:00, the match is over, and the winning team is announced. Another way to end the match is for one team to surrender.
The Boxes for both teams are right below this top bar. In the middle, you can switch between the Battle Log, Team Chat, and Battle Chat. The first one will display in detail (depending on the filters you apply to it) what is happening during the match. Event triggers such as flags being planted, Box user or root owns, and other such triggers will appear here.
The latter two tabs define your team's private chat to coordinate actions, respectively the global chat for the whole match, to instigate violence towards the opposite team.
During the match's initial phase, it's considered good practice to assign yourself to the tasks you want to perform. Pictured below is how you can assign yourself to defend a certain Box. You can also apply this to attacking a certain Box.
You have access to the Defended Box's root password to connect to it remotely through SSH from the same submenu. Using this password, you should immediately scan your Box for vulnerabilities and perform patches on them to deny entry for the enemy team.
Going back up to the Match Settings menu, you can quickly Download VPN, Disconnect from the match or initialize a Surrender vote.
At the bottom of the Battle Log, you have your filter options. From here, you can pick which type of information you want to see in the log. This can help declutter it during a match, leaving you only with the information you are interested in, depending on your role in the team.
At the bottom right of the page, you can submit any flags you find from the opposite team's Boxes. This allows you to quickly paste them on the page without needing to click on the user or root buttons for each Box separately. The platform will automatically identify the flag for you and assign the needed points to your team.
Once some owns have occurred, and the flags have been submitted, you will notice the progress bars for each of the teams at the top, right below the score amount and the time left.
If one of your Boxes has been completely owned by the enemy team, you will receive a notification regarding the status of the breach. The Losing Points status refers to the continuous loss of points due to the Box having a broken service. This will only revert if a patch is applied or if the service is reset. You can also see that the status of both flags is set to breached.
Enemy Boxes that your team has successfully breached will be marked with green, marking the fact that the flags have been successfully taken.
Towards the end of the match, the difference in points will be all that matters. Use any advantage at your disposal to increase this as the match approaches its end.
If any of the teams see no possible way of winning the current match, the option to Surrender exists. This avoids wasting time on a lost match until the timer reaches 00:00. Any team will need 3/4 successful surrender votes to pass the vote and end the game.
After each finished game, an after-action report will be available. This will contain all of the match's information, events, final points value for each time, and a summary of the activity for each player.
Server Siege is the ultimate offensive battle of the hackers. A set of Boxes are spawned, and two teams compete to see who can use their hacking prowess to own them first. Once you've hacked your way into a Box, secure your position and race the other team to acquire the root flag.
Once both the user flag and the root flag have been submitted on a Box, the flags can't be resubmitted, and that box has been essentially completed. Don't waste time on Boxes where flags have already been submitted. Focus on Boxes that haven't had both their user and root flags owned!
To join a game, select Server Siege from the Battles Options. Select either 2v2 or 4v4. If your game is a Private Game, enter your Private Code into the field and click on Find Match.
Once a match has been found, you will have to accept the match to confirm you'd like to participate.
Once you have accepted, the match will begin to load. You'll notice there is the Download .OVPN button here. Clicking on it will allow you to download your OpenVPN package in advance, but it will not connect until the match fully loads.
Once the match is fully loaded, you will be presented with the primary match screen for Server Siege.
Once the game is loaded, you'll be able to see the set of Boxes spawned for the Server Siege match. The IP addresses will be to the right of their names, and underneath them, you'll see the current state of the user and root flags.
Clicking on the gear icon in the top left will bring up the match menu. From here, you can download the VPN package, disconnect from the game, or surrender.
You can also assign Boxes to specific people. This helps you coordinate your efforts as you attempt to win the match.
Once you find a flag, be sure to submit it quickly! Remember, this is a race, so you want to be as fast as possible. You can find the flag submission Box on the lower-right of the page.
Rules of Engagement
Also, during your gameplay, it's imperative to take note of the following rules:
Players aren't supposed to shut down Boxes.
Players are not allowed to change the root password of Boxes.
Processes/commands that are marked with the `HTB=1` prefix should not be
considered part of the exploitation process since they are system checks to ensure that the legitimate functionality of the Boxes is preserved.
Surrenders can’t be called before the 15-minute mark.
Helping the opponent team in any way and for whichever reasons can lead to disqualification. Any actions against the platform and HTB infrastructure itself are prohibited.
Defenders are not allowed to massively "kill shells" to secure their systems. They should focus on patching the actual vulnerabilities.
Defenders aren't supposed to kill a service to patch vulnerabilities.
When defenders try to patch vulnerabilities, it's their responsibility to ensure that no underlying functionality has been stopped due to their patch. For example, there is a reason for sudo entries, so they should still serve their original purpose when they are modified. Removing a sudo entry is not a "fix", and defenders should consider fixing the insecure "sudo entry" instead of removing it.
If a system check has been fired in the middle of a service restart or Box reset/reboot, there is a chance that the game will punish defenders with a loss of points. This is intended, and the reason behind that is to "award" the players who didn't restart/reboot many times.