How to play Machines

Last updated by 0ne - nine9 (admin)

Updated at October 29th, 2020

Following the release of the new version of the Hack The Box platform, we are putting out guides on how to navigate the new interface. 

Whether you’re a new player or a veteran in Hack The Box, this guide will give you some useful tips and guidance on how to play Machines in the new platform design.


Navigating to the Machines page

From your dashboard, you’ll need to navigate to the left-hand side menu and click on Labs, then Machines.


This will take you to the Machines line-up page, where all controls required for you to play the Machines can be found. This includes VPN connection details and controls, Active and Retired Machines, to-do list and more.


Machine difficulties

There are four types of difficulties for the Machines you're about to undertake; Easy, Medium, Hard and Insane.

They are named appropriately and have their own respective logo language:

  Easy Machines


  Medium Machines


  Hard Machines


  Insane Machines


VPN Server selection

If you'd like to learn more about how to use the VPN ticketing system and subsequently how to connect to the labs in order to access the Machines, please check out this article for a detailed process explanation.


Highlights

On the Machines page, you will see the highlighted Machines at the top. These can be any number of highlights, such as the staff pick, the next machine to retire and the newly announced machine for the week.


For the Machines that have an upcoming launch date announced, there will be a timer to the actual release of the machine along with some basic information about it.

For the Machines that have a retiring date set, there will also be a timer until retirement along with the option to Play Machine, which will start an instance of that machine on your selected VPN Server.


Menus

There are three menus that you can select from in order to filter through the Machines lineup.

  • Active Machines

  • Retired Machines

  • Machines To-Do List


Active Machines

The Active Machines list displays the boxes that are available to everyone, both VIP and free account users. 


In the case of VIP users, these, like any other machine, will need to be booted up by the user attempting to attack them. In the case of free users, these Machines will be always online on their respective Free lab VPN servers.


Retired Machines

The Retired Machines list displays the boxes that have been retired and offer no more points upon completion. However, these boxes provide both the official and user submitted write-ups for the educational advancement of users. You can use these write-ups not only to learn how to tackle the box, but also how different services and setup configurations can be abused to gain access to a vulnerable system.

The list is split in two - one part consisting of the retired Machines (which are available to free users) as well as VIP ones (which contains the last two Machines to retire) - the other part containing retired Machines only available to VIP users.


Machines To-Do List

The Machines To-Do List contains Machines (both Active and Retired) that you’ve added to your own personal to-do list. To find out more about how to add a Machine to your to-do list, please read below.


Filters

Each of the above lists can be filtered according to your needs. The filter options are listed as drop-down menus above the machine entries in the respective list. These consist of the following:

  • Status (Complete, Incomplete, both)

  • Sort By (Release Date, Name, User Owns, Systems Owns, Rating, User Difficulty)

  • Difficulty (Easy, Medium, Hard, Insane)

  • OS (Linux, Windows, FreeBSD, Other)


You can also use the Advanced Search on the Retired Machines menu. This will allow you to filter in more detail according to the Attack Path, Attack Sub and Programming Languages used during the attacks.


Remember to clear your filters if you’re looking for a certain Machine that you can’t find!


Picking a Machine to play on

Once you get accustomed with the line-up interface, you can pick a machine that you’d like to tackle. In this example we’ll be using Sauna.

Note that some of the items you will see here will be set for a VIP account. For a free user account, you will not need to start up or stop the machine in order to play it.


The general box information can be found in the header at the top. This will display the logo and name of the box, the difficulty rating and the amount of points offered upon completion for the box.


The Machine state, control buttons and other links can be found on the left of the page. If you’re a VIP user, you can start or stop the Machine from here. 

All other users can add the Machine to their To-Do List, submit a review of it or visit the Forum link associated with it.

The Forum Thread link should be especially useful to beginners as this is where posts about certain challenging tasks within the machine can be found.


On the main section of the machine page, you can find the tabs related to general information, statistics, activity of other users, changelog for this machine, other users' reviews and walkthroughs (once this machine retires).

Take your time getting accustomed to each of them before proceeding.

The IP address of the Machine can be seen below the machine state, on the left-hand side. For VIP users, this IP address will only become visible after the machine is powered on.


Free account - Playing on a Machine

If you’re using a free account, you only need to make sure your VPN is connected. You will not have the machine start / stop buttons because the Machines on the active line-up for the free servers will be online at all times for you to attack.

Following the steps above, you should already have an .ovpn connection pack ready and waiting in your ~/Downloads folder. From there you only need to boot up your OpenVPN session with the following command, after navigating to the ~/Downloads folder.


After you get the Initialization Sequence Completed message at the end of the OpenVPN log, you can open a new terminal tab and try to ping the box’s IP address.

Visiting the machine page you can see all the required information, as seen above.


VIP account - Playing on a Machine

As a VIP user, you will need to boot up an instance of the machine you’d like to tackle. The reason for this is that there’s a high number of VIP servers. While we can’t keep all the Machines running all the time for all of these servers, we can give the users the option to start and stop a Machine on demand.


Following the steps above, you should already have an .ovpn connection pack ready and waiting in your ~/Downloads folder. From there you only need to boot up your OpenVPN session with the following command, after navigating to the ~/Downloads folder.


After you get the Initialization Sequence Completed message at the end of the OpenVPN log, you can open a new terminal tab and try to ping the box’s IP address.

Visiting the Machine page you can see all the required information, as seen above.


Resetting a Machine

Sometimes a Machine gets stuck or one of its services are manipulated by another user into failing. This requires a reset. In order to do so, you only need to press the Reset Machine button on the status section.


Resets will clear the progress for any other user, including you, so please make sure that there’s actually something wrong with the services and it’s not localized to your own attack process before issuing a reset. A best practice would be to ask other users if there’s something wrong with the Machine or the way you are trying to tackle it.


Extending a Machine’s time

Any instance on any VIP server has a lifetime. Once this lifetime expires, the Machine is automatically shut off. If you are in the process of attacking an already close-to-expiry instance and wouldn’t like to be interrupted by it shutting down, you can extend the Machine’s time. This will give you ownership over that instance and will extend the lifetime to the maximum of 24 hours.


Submitting found flags

Once you’ve found a flag, submit it immediately! There is a flag rotation mechanism in place and if someone resets the Machine, you can lose all progress on your current instance as the instance will boot up from scratch and the flag will be rotated.

In order to submit a flag, you can press the Submit Flag button on the status section.


Please take note of the fact that you will be required to rate the Machine before the platform will let you press the Submit Flag button.


Stopping a Machine

Once you are done attacking a Machine and would like to take on a different one, you will first need to shut down the previously owned instance. The platform will not let anyone have two active instances at the same time, so you will have to click on the Stop Machine button in order to shut your previous one off.


Reviewing a Machine

We highly encourage everyone to take part in the development of future Machines in Hack The Box by posting their opinions about the current ones that they are tackling! Once a Machine is owned by you, you can submit your review of it by clicking the Review Machine button.

Was this article helpful?

Can't find what you're looking for? Please contact our

Customer Support team