Dark_Man

Getting Started With HTB Platform


Last updated 8 months ago

Hack The Box (HTB) is a popular platform for cybersecurity enthusiasts to sharpen their skills through hands-on challenges. This guide will walk you through creating an account, exploring key features, and getting the most out of your HTB experience.

Account Creation

To create an account on the HTB platform, go to this page and follow the steps below.

  1. Sign up on this page with your email (Google, Outlook, LinkedIn, or any other provider).

If you have an academic account, I highly recommend using it to sign up for the student subscription and unlock its benefits.

  2. Fill in the required fields as follows.

  3. If you see this page, you have created the account successfully and the site only asks you a few questions.

  4. After answering them, you will get to your account's main page.

  • Congratulations, your account has been created successfully :)


Starting Point (Free)

Starting Point machines are designed to teach students the fundamental tools and commands they’ll need in their cybersecurity careers.

There are three tiers of machines: Tier 0, Tier I, and Tier II. Each tier offers both free and paid machines. For example, Tier 0 includes four free and four VIP machines.

Each Tier aims to teach you different things:

Tier 0:

  • Learn how to connect to FTP, SMB, Telnet, Rsync, and RDP anonymously.

  • Learn how to use Nmap to identify open ports.

  • Learn how to connect to a MongoDB server.

Tier I:

  • Learn basic web exploitation techniques such as SQL injection, Server Side Template Injection, Remote File Inclusion, and how to use Web/Reverse Shells.

  • Use the services showcased in the previous tier for exploitation.

  • Learn how to log in to Jenkins and upload a Groovy Shell Script.

  • Learn how to upload files to an S3 Bucket.

Tier II:

  • Learn how to exploit XXE, IDOR, and Log4j and perform cookie manipulation.

  • Learn how to exploit binary path hijacking and sudo permissions for privilege escalation.

  • Learn the basics of Brute Forcing.

  • Learn how to exploit LXD for privileged filesystem access.

  • Learn how to exploit insecure functions like "strcmp()" in PHP.

If you're a complete beginner, start with the Starting Point machines: complete the free ones, and the VIP ones if you can, then move on to machines and challenges.


Seasons

HTB loves to make things gamified, so they run seasons. Each season lasts for 13 weeks, with a new machine released every week.

The player has a week to hack the machine and get the user flag and root flag on Linux systems, or the administrator flag on Windows systems, to collect seasonal points.

Seasonal points earn you rewards from HTB after the season ends.


Machines

As of this writing, Hack The Box features 407 machines. These machines are categorized into active and retired, which I’ll explain below.

The machines are categorized by difficulty (Easy, Medium, Hard, and Insane) and operating system (Linux, Windows, FreeBSD, and others).

Active Machines (Free)

Active machines are free ones that everybody can play at any time. Also, they give you points which will increase your rank on the platform.

After a machine retires, it remains free for a week and then becomes paid.


VPN Connection

Click on any machine to access its details page.

Then, click Join Machine to start it and get the IP address.

To connect to the VPN, follow these steps:

  1. Click on Connect to HTB and then Machines.

  2. Choose the OpenVPN option:

Pwnbox is a virtual machine provided by HTB that allows direct access to any lab. VIP+ members enjoy unlimited usage. While not essential, Pwnbox is recommended for those who want a streamlined experience.

  3. Choose any server, specify port 443, then click Download VPN.

If you have an issue downloading the .ovpn file, just change the VPN server.

In your Kali VM, put the .ovpn file on the Desktop, and in the terminal type:

sudo openvpn <file_name>.ovpn

If everything goes correctly, you will get an IP and view it using this command:

ifconfig tun0

Now, you can ping the machine and start hacking :)
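Because the downloaded profile is run with sudo, it is worth checking what it will do before connecting. The script below is an added example, not part of the original post or any HTB tooling: it lists the profile's remote endpoints, confirms they use port 443 as selected above, and flags OpenVPN directives that run external programs. The function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect an OpenVPN profile before running it with sudo.

# List each "remote" endpoint as host:port ("unset" when no port is given).
ovpn_remotes() {
    awk '{ sub(/\r$/, "") }
         $1 == "remote" && NF >= 2 { print $2 ":" (NF >= 3 ? $3 : "unset") }' "$1"
}

# List directives that run external programs or load plugins, with line numbers.
# Inline blocks such as <ca>...</ca> are skipped so key material is never parsed.
ovpn_exec_directives() {
    awk '{ sub(/\r$/, "") }
         /^[ \t]*<\//    { inblock = 0; next }
         /^[ \t]*<[a-z]/ { inblock = 1; next }
         inblock || /^[ \t]*[#;]/ { next }
         ($1 == "script-security" && $2 + 0 >= 2) ||
         $1 ~ /^(up|down|route-up|route-pre-down|ipchange|tls-verify|plugin)$/ {
             print NR ": " $0
         }' "$1"
}

# Succeed only if the profile has remotes, all on the expected port
# (default 443), and contains no directive that executes external code.
ovpn_profile_ok() {
    profile=$1; port=${2:-443}
    [ -r "$profile" ] || { echo "cannot read $profile" >&2; return 2; }
    remotes=$(ovpn_remotes "$profile")
    off_port=$(printf '%s\n' "$remotes" | grep -v ":${port}\$" || true)
    execs=$(ovpn_exec_directives "$profile")
    [ -n "$remotes" ] || { echo "no remote line found" >&2; return 1; }
    [ -z "$off_port" ] || { echo "unexpected endpoint: $off_port" >&2; return 1; }
    [ -z "$execs" ] || { echo "runs external code: $execs" >&2; return 1; }
}

# Constructed sample profile (not a real HTB file); $2 is an optional extra line.
write_sample_profile() {
    printf '%s\n' 'client' 'dev tun' 'remote vpn.example.test 443' "$2" \
        '<ca>' 'constructed-certificate-data' '</ca>' > "$1"
}

# Usage: sh check_ovpn.sh <file_name>.ovpn
if [ -n "${1:-}" ]; then ovpn_profile_ok "$1"; fi
```

A non-zero exit means the profile either points somewhere other than the port you selected or would run a script or plugin as root, so read the flagged lines before connecting.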


Retired Machines

Retired machines require a VIP or VIP+ subscription to access. All of them have official writeups and video walkthroughs that you can access at any time.

Each HTB easy or medium machine has 2 modes:

  • adventure mode: submit user flag and root flag

  • guidance mode: Players will be guided through a series of questions designed to help them pwn the machine.

Challenges

If you like playing CTFs, HTB challenges are the best :)

There are several categories of challenges there:

  • AI - ML

  • BlockChain

  • Forensics

  • GamePwn

  • Hardware

  • Misc

  • Mobile

  • OSINT

  • pwn

  • Web

  • Reversing

The active challenges are free and retired ones are paid.

To play a challenge, click on its name. There are three important buttons on its page:

  • Start Instance: To start the challenge app

  • Download Files: The necessary files for the challenge

  • Submit Flag: Submit the flag when you get it


Ranking

There are several ranks on the platform:

  • Noob

  • Script Kiddies

  • Hacker

  • Pro Hacker

  • Elite Hacker

  • Guru

  • Omniscient

Solving active machines, challenges, endgames, and fortresses earns you points to increase your rank.

To reach Hacker rank you need to complete 20% of active labs; Pro Hacker requires 45%, Elite Hacker 75%, Guru 90%, and Omniscient 100%.

Reaching Hacker rank unlocks Fortresses for you to play, while reaching Guru rank unlocks End games.

You can view your rank on your profile page:


Sherlocks

Although HTB focuses more on Red team labs, they created Sherlocks for Blue teams. There are categories such as DFIR, SOC, Malware analysis, and others.

The active and retired Sherlocks are all free :)

Click on any challenge you want and download its files. Then answer the questions set for that challenge to complete it.


Tracks

A Track is a selection of machines and challenges tied together for users to progress through, mastering a particular subject.

You can enroll in a specific track to learn a particular subject, such as the OWASP Top 10, Active Directory pen-testing, and others.


Pro Labs

Pro Labs are red team labs and interactive hacking training in realistic corporate environments containing the following:

  • Multiple Machines

  • Realistic Scenarios

  • Simulated Users

  • Advanced Infrastructure

At the time of writing this post, there are 7 Pro Labs and 4 mini Pro Labs:

  • Pro Labs: Dante, Zephyr, Offshore, RastaLabs, Cybernetics and APTLab

  • Mini Pro Labs: Full House, Xen, P.O.O and Hades

Each Pro Lab varies in difficulty. Dante is designed for beginners, while Zephyr, Offshore, and RastaLabs are for intermediate pen testers. Cybernetics and APTLab are best suited for advanced users and experts.

Every Pro Lab has a certificate, which you can get from your profile page once you complete the lab.


End games (Free)

The end-game labs are advanced labs simulating real-world infrastructure and exploit scenarios, with multiple hosts and various attack paths.

There are four end-game labs (2 Free and 2 paid).

  • Free: Solar and Odyssey

  • Paid: Ascension and RPG

The player needs to have Guru rank to play the free end game.


Fortresses (Free)

Fortresses are fully customizable vulnerable labs that any company can host on Hack The Box. These labs are free and don't require a subscription to unlock them.

The player needs at least Hacker rank to unlock these labs.

There are 6 fortress labs:

  • Jet

  • AKERVA

  • Context

  • SYNACKTIV

  • Faraday

  • AWS


Subscription plans

There are three subscription plans available:

  • VIP costs 14$ - Unlock retired machines and Challenges.

  • VIP+ costs 20$ - Same as VIP but with unlimited Pwnbox (Parrot VM) usage and private instances.

  • Pro Labs Bundle costs 49$ - Unlock all the Pro Labs and mini ones.

Click Purchase and choose the plan you want; you will then be taken to the billing page.

Fill in your card info, provide any coupon code you have, click Subscribe, and then enjoy hacking :)

The monthly subscription is renewed automatically, but you can cancel it at any time without losing your current month's subscription.


Whether you're a beginner or an expert, Hack The Box offers something for everyone. Start your journey today, and feel free to reach out if you need any help along the way.

I hope you get the most benefit from this post; contact me at any time if you need help.

After you sign up using your email, you will be redirected to your account page. Now, click on the third button.
