Dedicated Lab Users Guide

A guide to working in a Dedicated Lab on the Enterprise Platform.

Ryan Gordon avatar
Written by Ryan Gordon
Updated over a week ago

Dedicated Labs are a safe environment for you to experience curated and unique hacking content that is created by security professionals for security professionals.

Our cybersecurity content features mechanics and techniques inspired by gaming that make the entire user experience fun and captivating, resulting in increased team engagement.

The two forms of content you'll find in Dedicated Lab are Boxes and Challenges.

Boxes vs Challenges

Boxes are instances of vulnerable virtual machines. These are virtualized services, virtualized operating systems, and virtualized hardware that all run on our servers. Boxes tend to have multi-step exploit paths and can host different Operating Systems; Linux, Windows, FreeBSD, and more.

Challenges are bite-sized applications for different pentesting techniques. While they may feature chained exploits, they generally are meant to showcase one concept and are comprised of a single application.

Difficulty Levels

Each Box has a difficulty level that signifies the complexity and amount of steps in the exploit path. The five different difficulty levels are as follows:

These are simple Boxes, with typically only a single main exploit step. They are meant as an introduction to those who are just getting started with pentesting, or are looking to get acquainted with Hack The Box content.

These Boxes are still simple but offer a bit more of a challenge compared to the previous level. They generally are comprised of 2-3 steps, and have a relatively clear exploit path, with only the most basic scripting required.

Medium Boxes are where things can start getting complex. They usually have around 3 steps and may require some custom exploitation. The path is generally clear and free of rabbit-holes. Some scripting or programming knowledge may be required.

These are complex Boxes with 3-5 steps that involve custom exploitation and chaining together different vulnerabilities. Heavy enumeration may be required, and the path may not always be obvious.

These are the most difficult Boxes we have to offer. They are targeted towards highly experienced pentesters who are looking to push themselves to the limit. They typically involve more than 5 steps and can have extremely complex exploit chains. They may include rabbit-holes and deadends.


Unlike Boxes, Challenges have three main categories of difficulty: Easy, Medium, and Hard. These roughly map to the same level of difficulty as Boxes of the same level, with the exception that Challenges are focused typically on a single exploit type. Additionally, there is no upper limit on how difficult a Hard challenge can get.

The more difficult a Challenge is, the more Points it's worth.

Playing Boxes

You can begin working on Boxes by opening up your Dedicated Lab on the Enterprise Platform. Once you've located a Box, click on it to be taken to its page. From here, you'll be able to spawn the Box, access its writeup (if made available by your Admin), and submit flags.

Clicking on View from the list of Boxes will open up the Box's page. This page has four panels:

Play machine:

This interface has the SPAWN MACHINE button and the fields to insert the flags.(And the questions to follow along if Guided mode is on).


This page has the Machine description and the Machine matrix.


You can view the Boxes activity on this page to keep track of who has solved it and when.


Clicking this button will redirect you to the Forum pages related to that Machine.

This will make accessing the forum easy once you feel stuck and seek out some extra information from our community.

Once you Spawn the Box, you'll be given an IP address. From here, you can begin enumerating the Box for services and vulnerabilities and begin hacking your way in!

You'll want to make sure you have connected to the lab's VPN server or have a Pwnbox instance ready if you want to be able to access the Box's IP address. You can read more about Lab Access here:

Click the button below to learn how to connect to your Dedicated Lab:

On each Box, you'll typically be able to find two flags, user and root. Generally speaking, this can be found in /home/<username>/user.txt and /root/root.txt, respectively. Once you get a flag, be sure to submit it on the Box's page!

Extending a Machine’s time

Any instance you spawn has a lifetime. Once this lifetime expires, the Box is automatically shut off. If you're currently engaged in attacking an instance that is nearing its expiration, and you don't want to be interrupted by its shutdown, you have the option to extend the Box for an additional 8 hours at a time (up to 3 times) by clicking on the timer and 'Extend 8 hours' button.

Playing Challenges

Working on Challenges is very similar to working on Boxes, with a few key differences.

  • Challenges are spawned on Docker Instances and are accessible only on the specified port.

  • The IP addresses of these Docker Instances are routable via the internet, which means no VPN is required.

  • Challenges can sometimes have downloadable content. This could be the source code of the application running on the server, or it could be the challenge itself. The downloadable files are zipped, and the password is always hackthebox .

Search and Organize

On your Dedicated Lab page, you can search for content using its name or tag:

You can also use the sorting options to easily find the Boxes or Challenges you seek. The default sorting option is the ‘Latest assigned.’ By clicking on the 'SORT BY' tab, you can select another option from the drop-down: Latest Released, Easy to Insane, Insane to Easy.

Did this answer your question?