Following the new version of the Hack The Box platform, we are putting out guides on how to navigate the new interface.

Whether you’re a new player or a veteran in Hack The Box, this guide will give you some useful tips and guidance on how to play Machines (commonly referred to as Boxes) in the new platform design.

You’ll need to navigate to the left-hand side menu and click on Labs, then Machines from your dashboard.

This will take you to the Boxes line-up page, where you can find all controls required for you to play the Boxes. This includes VPN connection details and controls, Active and Retired Boxes, a to-do list, and more.

Machines/Boxes come in four separate difficulty levels; Easy, Medium, Hard, and Insane.

They are named appropriately and have their own respective logo language:

If you'd like to learn more about using the VPN ticketing system and subsequently connect to the labs to access the Boxes, we have a dedicated article on the topic.

On the Machines/Boxes page, you will see the highlighted Boxes at the top. These can be any number of highlights, such as the staff pick, the next Box to retire, and the newly announced Box for the week.

For the Boxes that have an upcoming launch date announced, there will be a timer to the actual release of the Box along with some basic information about it.

For the Boxes that have a retiring date set, there will also be a timer until retirement along with the option to Play Machine, which will start an instance of that machine on your selected VPN server.

There are three menus that you can select from to filter through the Boxes lineup.

The Active Machines list displays the Boxes available to everyone, both VIP and free account users.

In the case of VIP users, these, like any other Box, will need to be booted up by the user attempting to attack them. In the case of free users, these Boxes will always be online on their respective Free Lab VPN servers.

The Retired Machines list displays the Boxes that have been retired and offer no more points upon completion. However, these Boxes provide both the official and user-submitted write-ups for the educational advancement of users. You can use these write-ups to learn how to tackle the Box and how different services and setup configurations can be abused to access a vulnerable system.

The list is split into two sections. The Free Retired Machines section contains a shortlist of recently retired Boxes made available to free users. The Boxes on this list are the only retired Boxes that you can play without a VIP subscription.

The VIP Retired Machines section contains all retired Boxes, including the few available to free users.

The Machines To-Do List contains Boxes (both Active and Retired) that you’ve added to your own personal to-do list. To find out more about how to add a Box to your to-do list, please read below.

You can filter each of the above lists according to your needs. The filter options are listed as drop-down menus above the machine entries in the respective list. These consist of the following:

You can also use the Advanced Search on the Retired Machines menu. This will allow you to filter in more detail according to the Attack Path, Attack Sub, and Programming Languages used during the attacks.

Remember to clear your filters if you’re looking for a certain Box that you can’t find!

Once you get accustomed to the line-up interface, you can pick a machine that you’d like to tackle. In this example, we’ll be using Sauna.

Note that some of the items you will see here will be restricted to VIP accounts. You will not need to start up or stop the machine to play it for a free user account.

You can find the general Box information in the header at the top. This will display the logo and name of the box, the difficulty rating, and the number of points offered upon completion for the box.

You can find the Box state, control buttons, and other links on the left of the page. If you’re a VIP user, you can start or stop the Box from here.

All other users can add the Box to their To-Do List, submit a review of it or visit the Forum link associated with it.

The Forum Thread link should be handy to beginners as this is where You can find posts about certain challenging tasks within the machine.

On the main section of the Machine page, you can find the tabs related to general information, statistics, activity of other users, changelog for this Box, other users' reviews, and walkthroughs (once this Box retires).

Take your time getting accustomed to each of them before proceeding.

The IP address of the Box can be seen below the machine state, on the left-hand side. For VIP users, this IP address will only become visible after the machine is powered on.

If you’re using a free account, you only need to make sure your VPN is connected. You will not have the machine start/stop buttons because the Boxes on the active line-up for the free servers will be online at all times for you to attack.

Following the steps above, you should already have an .ovpn connection pack ready and waiting in your ~/Downloads folder. From there, you only need to boot up your OpenVPN session with the following command after navigating to the ~/Downloads folder.

After you get the Initialization Sequence Completed message at the end of the OpenVPN log, you can open a new terminal tab and try to ping the box’s IP address.

Visiting the machine page, you can see all the required information, as seen above.

As a VIP user, you will need to boot up an instance of the machine you’d like to tackle. The reason for this is that there’s a high number of VIP servers. While we can’t keep all the Machines running all of the time for all of these servers, we can give the users the option to start and stop a Machine on demand.

Following the steps above, you should already have an .ovpn connection pack ready and waiting in your ~/Downloads folder. From there, you only need to boot up your OpenVPN session with the following command after navigating to the ~/Downloads folder.

After you get the Initialization Sequence Completed message at the end of the OpenVPN log, you can open a new terminal tab and try to ping the box’s IP address.

Visiting the Machine page, you can see all the required information, as seen above.

Sometimes a Box gets stuck, or one of its services is manipulated by another user into failing. This requires a reset. To do so, you only need to press the Reset Machine button on the status section.

Resets will clear the progress for any other user, including you, so please make sure that there’s actually something wrong with the services and it’s not localized to your own attack process before issuing a reset. A best practice will be to ask other users if there’s something wrong with the Box or how you are trying to tackle it.

Any instance on any VIP server has a lifetime. Once this lifetime expires, the Box is automatically shut off. If you are in the process of attacking an already close-to-expiry instance and wouldn’t like to be interrupted by it shutting down, you can extend the Box’s time. This will give you ownership over that instance and extend the lifetime to a maximum of 24 hours.

Once you’ve found a flag, submit it immediately! There is a flag rotation mechanism in place, and if someone resets the Box, you can lose all progress on your current instance as the instance will boot up from scratch, and the flag will be rotated.

To submit a flag, you can press the Submit Flag button on the status section.

Please note that you will be required to rate the Machine before the platform lets you press the Submit Flag button.

Once you are done attacking a Box and would like to take on a different one, you will first need to shut down the previously owned instance. The platform will not let anyone have two active instances simultaneously, so you will have to click on the Stop Machine button to shut your previous one-off.

We highly encourage everyone to participate in the development of future Boxes in Hack The Box by posting their opinions about the current ones that they are tackling! Once a Box is owned by you, you can submit your review by clicking the Review Machine button.