What are Endgames?
Endgames simulate a Lab/Infrastructure that you can find in a real-world attack scenario of any Company/Organization. They have various entry points and attack paths. They differ from regular Machines in that Endgames consist of more than one Machine on the same network, simulating a real-world environment.
Endgame Requirements
Endgames, just like Machines and Challenges, can be Active and Retired. For every new active Endgame that we release, an old Endgame will be retired.
Active Endgames can only be accessed by all HTB users (including free members) who have achieved Guru rank or above.
Retired Endgames are available to VIP users of any rank and include an official write-up. VIP users below Guru rank will be able to submit flags for retired Endgames only, and VIP users of Guru rank or above will be able to submit flags for all Endgames. These rules apply to everyone.
Playing Endgames
The first step to playing and Endgame is to navigate to the Endgames Page and select whichever Endgame you want to play. You can find the Endgame Page under the Labs option in the navigation menu on the left side of the website.
You'll be presented with a page displaying all currently released Endgames, both Active and Retired. Click on whichever Endgame you are interested in playing, keeping in mind the requirements discussed earlier.
Endgame Introductions
Each Endgame has an Introduction that is placed at the top of the Flag List. Clicking on the Introduction will give you a brief description of the Endgame's concept, as well as the Entry Point.
The Entry Point is one or more IP addresses, or an entire subnet, that serves as the first enumeration point for anyone playing the Endgame. In the Endgame shown in the GIF above, Hades, the entry point is 10.13.36.10. Thus the first step in playing Hades would be to enumerate that IP address.
Connecting to an Endgame Lab
Endgames require VPN connections, the same way Machines do. The process is identical to the process for Machines. You can use the general VPN connection Dashboard in the top-right of the website, but Endgame pages also have a dedicated button to connect to Endgame Labs.
In the upper-right of the Endgame page, there will be a Machine that says Connect to Endgame. Clicking on this box will pull up the VPN connection Dashboard. You can opt to download an OpenVPN package after selecting which VPN server you'd like to connect to.
Alternatively, if you have a VIP Subscription, you can choose to use Pwnbox instead.
If you require additional information on connecting to Labs on Hack The Box, we have a dedicated article on the subject.
Click the button below for more information on Lab Access:
Submitting a Flag
Flags on Hack The Box are always in a specific format, and Endgames are no different. The flag format for Endgames is generally the name of the Endgame in all uppercase letters, followed by the flag enclosed within curly braces. In the example of Hades, the flag format is HADES{fl4g_h3r3}
.
Once you've found a flag, you can submit it on the page of the Endgame you are playing. The flag submission box is in the upper-right of the page.
Once you submit a correct flag, you will see your Progress Tracker increase.
Resetting an Endgame
Endgames are reset via a voting system. Once the threshold of five votes has been reached, the Machine will reset. Once a Machine resets, the current amount of votes will revert to zero. To vote for a reset, press the button to the right of the Lab Reset bar, and your vote will be added.
It may take several minutes for the Endgame Machines to become accessible again after initiating a reset.
Endgame Write-up (Retired only)
All retired Endgames have Official Write-ups produced by HTB Staff. The write-up is available in PDF format and can be downloaded from the Walkthroughs tab on the respective Endgame's page.
Additionally, users are permitted to publish and optionally submit their own write-ups for Retired Endgames. Any User Submitted Walkthroughs will also be available on the Walkthroughs tab.
Endgame Rules
The Rules tab lists the rules that are to be followed when playing Endgames.
As with all Hack The Box content, it is required you follow the HTB Terms of Service at all times. In addition to the ToS, additional rules should be kept in mind when playing Endgames.
Do not carry out destructive actions such as:
Changing account passwords
Changing group membership of accounts
Modifying/removing flags
Modifying/removing startup scripts and scheduled tasks
Killing processes that you don`t own
Any Denial of Service
Try not to leave enumeration data/tools lying around for other players to find. Use a subtle area on the disk and remove your files once you`ve finished.
You will find additional Endgame-specific rules under the Rules tab.