How to Play Fortresses

Looking to lay siege to a Fortress? Learn everything you need to know to storm the gates.

Ryan Gordon avatar
Written by Ryan Gordon
Updated over a week ago

What are Fortresses?

Fortresses are vulnerable Boxes that are developed by third-party companies like AWS, Synacktiv, or Jet. They tend to be fairly difficult and showcase whatever exploit techniques the company in question deems fit.

There are a few key differences between Fortresses and regular Boxes. First, Fortresses have much more depth to them than the average Box. There are typically many layered services, and occasionally even internal networks.

Additionally, Fortresses do not use the standard user and root flags. Instead, they contain many flags, which are scattered throughout the Fortress. Upon collecting all the flags, members will be rewarded with a badge stating acknowledging their achievement.

Fortresses also give Points. While they don't contribute to your progress towards your next Hacker Rank, they do contribute to your position on the Leaderboard.

Fortress Requirements

The only requirement to play a Fortress is that your Hacker Rank on the Platform must be at least Hacker, or higher. Users with the role Noob or Script Kiddy are not eligible to play Fortresses.

This requirement also applies to VIP/VIP+ users as well.

Connecting to a Fortress

In order to play a Fortress, you'll first need to connect to one of the Fortress Lab VPN Servers. You can do this via the VPN Selection Menu in the upper-right corner of the website.

Navigate to the VPN Selection Menu, and select Fortress. Then, you can either choose OpenVPN, or Pwnbox.

[video-to-gif output image]

If you chose OpenVPN, go ahead and connect via OpenVPN as you normally would. For more information about connecting to the VPN, see the dedicated article below:

Click the button below to read more about Lab Access:

Entry Point and Flags

Every Fortress has an Entry Point listed on its page in the upper-left corner. This IP address is the IP you will start off with and will serve as your first point of access into the Fortress.

Like most other Hack The Box labs, this can be treated like a standard black-box scenario, meaning that this IP is all you'll have to go on. It's up to you to enumerate it, identify services, and find a way in.

Underneath the Entry Point, you'll find the flag list. Each flag that can be found within the Fortress will be listed here, and the bubble to the left of the flag will turn green once you've successfully submitted it.

The first entry in the flag list is always called Introduction. Clicking on it will give you a brief summary of the Fortress.

[video-to-gif output image]

You can submit a flag at any time by entering it into the Flag Submission Box in the upper right corner.

Requesting a Reset

If you feel that a particular Fortress is broken, or needs to be reset back to it's initial state, you can vote to reset the instance of the Fortress on your current VPN Server by clicking on the Reset Request Button in the upper right, just under the Flag Submission Box.

Once a Fortress on a particular VPN server has 5 votes, it will automatically reset.

[animate output image]

Keep in mind, you can also switch your VPN server to a different one while you wait for a Fortress to be reset. Each VPN Server has a different instance of the Fortress.

Did this answer your question?