Ever wondered what the future of our gamified paradigm towards learning information security will look like?
Ever had a competitive itch to play against a rival team of players, engaging in a fierce battle over defending and attacking vulnerable virtual machines?
Ever wanted to test your skills, compare them against the best of the industry and target your weak points to bring yourself to the next level?
We have the answer to these questions. Battlegrounds is a real-time game of strategy and hacking, where two teams of 4 people each battle for supremacy over the environment. The first truly multiplayer experience brought to you by Hack The Box.
The only thing you will need to prepare is a virtual machine with Parrot Security OS deployed on it, from where you will download your Battlegrounds OpenVPN pack.
In order to play Battlegrounds, click here. You will be met with the initial screen, offering you the invitation to Play Battlegrounds.
Once you've accepted the invitation, you will be met with the lobby screen.
The lobby screen contains all the pre-game controls, settings, chat lobbies and game-mode selections. From this screen you are able to organize your team, add them to the lobby with you and start your game with the preferred game-mode.
At the bottom right, you have your team line-up. In order to be able to team up with different players, you will need to have Followed them on the platform. In order to do so, simply click a chat member's name and click the Follow user option.
You will be met with a confirmation popup at the top right of your screen.
You can also do so with any member of the platform as long as you visit their profile page and click the Follow button.
Once both of you have followed each other, you can form a team.
If you're already a part of an older team, you will need to leave it manually in order to be allowed to invite a friend and form a new team. In order to do so, navigate to the Party Settings submenu and click on the Leave Party button.
Now, you can proceed with adding your friends. Simply click the right-most button on the Battlegrounds Party line-up and you should see all of your Followed friends there.
If, after the game, you decide that you don't want to be friends with them anymore, you can always kick them from the party by clicking on their profile picture in the Battlegrounds Party line-up. Just like in real life.
We embellish the experience of our members with realistic scenarios.
If you end up having no online friends to play with, fear not.
Even if your team is partially full or if you're the only one online, you can proceed with playing, as our Matchmaking System will take care of the rest. Matching with a partially empty team will assign you and other players looking to team up together, on a first-come first-served basis.
The right side of the page also contains detailed information about the two game-modes. Simply click one of their tabs at the top or on their respective How to Play buttons to see the rules that apply to that specific mode.
It's always a good idea to read this if you're a first-timer in Battlegrounds before you jump in.
Cyber Mayhem is an Attack / Defence style game where two sets of machines are spawned, each set belonging to a team. Each team is given root access to their own set of machines and is tasked to secure them while trying to attack the opposing team’s machines.
What are your Objectives, you ask?
- Form or join a team and start the game
- Download VPN keys to get access to the machines your team has been tasked to attack
- Work with your team to come up with a strategy for defending and attacking
- See the progress of the match in the battle page
- Own machines’ user and system accounts to win!
First, invite all your friends in one single team. Once your team is ready to deploy, click on the Play Battlegrounds button, and then on Find Match. Further settings for this section will be available once we bring out more features like region selection, solo gameplay and Server Siege.
You will then be placed in a queue. Your team will be matched with other teams looking to play Cyber Mayhem at that time. If you wish to cancel the Matchmaking sequence, simply click on the Cancel Match button, which will stop the sequence and allow you to further organize with your team.
Once a match has been found, a message will pop up, displaying the readiness status of the users on both teams. Each user will have to click on the Accept button within 60 seconds in order to "ready up" and proceed with the game.
From this point on, if all users have Accepted, the teams are locked in and the game starts loading.
Once on the loading screen, you can still chat with your team and the opposite team. You can take this moment to make sure everything you need is set up and download the .ovpn pack from the prompt.
The status at the bottom will display the progress of the game during start-up. Once the bar is fully filled, the teams are dropped into the game with the 8 machines ready and running.
Once in, the game announcer will let you know that the flags have been planted on both your and the rival team's machines. You can immediately start discussing with your team to form a plan of attack.
Your team status is displayed at the top left, along with the Match Settings button. Here you can see how many points your team accumulates during the match and also, by hovering over each of the members' profile pictures, the amount of traffic generated by each team member.
The other team is also at the top, on the right side. In the middle you can spot the match timer. Once this timer reaches 00:00, the match is over and the winning team is announced. Another way to end the match is for one team to surrender.
The machines for both teams are right below this top bar. In the middle, you can switch between the Battle Log, Team Chat and Battle Chat. The first one will display in detail (depending on the filters you apply to it) what is happening during the match. Event triggers such as flags being planted, machine user or root owns and other such triggers will appear here.
The latter two tabs are, respectively, your team's private chat, where you can coordinate actions, and the global chat for the whole match, where you can instigate violence towards the opposite team.
During the match's initial phase, it's considered good practice to assign yourself to the tasks you want to perform. Pictured below is how you can assign yourself to defending a certain machine. This can also be applied to attacking a certain machine.
From the same submenu, you have access to the root password of the defended machine in order to connect to it remotely, through SSH. Using this password, you should immediately scan your machine for vulnerabilities and patch them to deny entry to the enemy team.
Going back up to the Match Settings menu, you can quickly Download VPN, Disconnect from the match or initiate a Surrender vote.
At the bottom of the Battle Log, you have your filter options. From here, you can pick which type of information you want to see in the log. This can help declutter it during a match, leaving you only with the information you are interested in, depending on your role in the team.
At the bottom right of the page, you can submit any flags you find from the opposite team's machines. This allows you to quickly paste them in the page without needing to click on the user or root buttons for each machine separately. The platform will automatically identify the flag for you and assign the needed points to your team.
Once some owns have occurred and the flags have been submitted, you will notice the progress bars for each of the teams at the top, right below the score amount and the time left.
If one of your machines has been completely owned by the enemy team, you will receive a notification regarding the status of the breach. The Losing Points status refers to the continuous loss of points due to the machine having a broken service. This will only revert if a patch is applied or if the service is reset. You can also see that the status of both flags is set to breached.
Enemy machines that your team has successfully breached will be marked with green, marking the fact that the flags have been successfully taken.
Towards the end of the match, the difference in points will be all that matters. Use any advantage at your disposal to increase this as the match approaches its end.
If any of the teams see no possible way of winning the current match, the option to Surrender exists. This avoids wasting time on a lost match until the timer reaches 00:00. Any team will need 3/4 successful surrender votes to pass the vote and end the game.
After each finished game, an after-action report will be available. This will contain all of the match's information, events, final points value for each team and a summary of the activity for each player.
Also, during your gameplay, it's very important to take note of the following general rules:
- Players aren't supposed to shut down machines.
- Players are not allowed to change the root password of machines.
- Processes/commands that are marked with the `HTB=1` prefix should not be considered part of the exploitation process, since they are system checks that ensure the machine's legitimate functionality is preserved.
- Defenders are not allowed to massively "kill shells" in order to secure their systems. They should focus on patching the actual vulnerabilities.
- Defenders aren't supposed to kill a service just to patch vulnerabilities.
- When defenders try to patch vulnerabilities, it's their responsibility to make sure that no underlying functionality has been stopped due to their patch. For example, there is a reason for sudo entries, so when they are modified they should still serve their original purpose. Removing a sudo entry is not a "fix" and defenders should consider fixing the insecure "sudo entry" instead of removing it.
- If a system check has been fired in the middle of a service restart or machine reset/reboot, there is a chance that defenders will be punished with loss of points. This is intended and the reason behind that is to "award" the players who didn't restart/reboot many times.
- Surrenders can’t be called before the 15-minute mark.