How to play Challenges (for HTB Classic)

Learn more about our collection of challenges, how to tackle them and more!

Last updated by 0ne-nine9 (admin)

Updated at May 29th, 2020

Challenges are bite-sized applications of different pentesting techniques. These come in three main difficulties, specifically Easy, Medium and Hard, as per the colouring of their entries on the list. However, the actual difficulty is rated by the users that have completed the challenge and these range from Piece of cake to Brainfuck.

The purpose of challenges is to both introduce new users to different concepts such as reversing, OSINT, steganography, etc., but to also challenge the more experienced ones with creative ways to resolve some of the more challenging entries on the sortie. 

Our current challenge categories are as follows:

  • Reversing

  • Crypto

  • Stego

  • Pwn

  • Web

  • Misc

  • Forensics

  • Mobile


Same as with the machines, anyone can submit new challenges for review. If they are accepted, they will end up on the platform for everyone to play around with and try to solve!

Active Challenges

Most of the challenges on our lineup are active. This means that no walkthroughs are allowed for them as long as they stay in this state. These offer points to the user who completes them depending on their difficulty.

The difficulties and their respective point allowance are as follows:

Easy - 10 to 30 points

Medium - 40 to 50 points

Hard - 50 to 100 points

These values are not fixed and you might spot some special occurrences.

Note that the points here are not the exact amount that will be attributed to your user profile. These will go through the calculation formula we use, which can be found on your Points Breakdown page. You can visit your own Points Breakdown page by visiting your public profile, and clicking on the :info: icon below the points amount displayed for your user account.

You can find the Active challenges under each different challenge category, by navigating to the menu on the left, selecting a challenge category and looking at the top part of the list:

Retired Challenges

In order to access the retired challenges, you only need to scroll down from your previous location.

These look and behave the same as the active challenges, but do not offer you any points upon completion. However, they’re a good tool to learn what that category entails and how some of the ways of solving these challenges function.

Solving Challenges

Most of the challenges require you to download a given archive that contains the starting materials for you to work on. Be they items that you need to reverse engineer, images for OSINT searches, images with hidden data inside of them, they will all require you to download and extract the files. All of them come in password-protected form, with the password being hackthebox

On the top of the drop-down menu for the challenge entry you can see the amount of points the challenge offers upon completion, the title, the creator, the solve amount, rating controls and the difficulty graph.

The description of the challenge is usually a hint towards what the challenge entails.

Once you finish the challenge and input the flag, you will need to select a difficulty rating before submitting. These will contribute to the overall difficulty graph above.

Note that the flags will always be in the format mentioned in the text box of the challenge. They will never deviate from that form: HTB{s0m3_t3xt}

Some of the challenges require you to spawn a docker container that will host the challenge for your user account. You can simply do so by pressing the button assigned to that function.

That’s it! Now you’re ready to take on some challenges!

Was this article helpful?

Can't find what you're looking for? Please contact our

Customer Support team