Skip to main content
Dedicated Lab Users Guide

A guide to working in a Dedicated Lab on the Enterprise Platform.

Ryan Gordon avatar
Written by Ryan Gordon
Updated over a month ago

Dedicated Labs are a safe environment for you to experience curated and unique hacking content that is created by security professionals for security professionals.

Our cybersecurity content features mechanics and techniques inspired by gaming that make the entire user experience fun and captivating, resulting in increased team engagement.

The three forms of content you'll find in Dedicated Lab are Machines, Challenges, and Sherlocks.


Machines vs Challenges

Machines are instances of vulnerable virtual machines. These are virtualized services, virtualized operating systems, and virtualized hardware that all run on our servers. Machines tend to have multi-step exploit paths and can host different Operating Systems; Linux, Windows, FreeBSD, and more.

Challenges are bite-sized applications for different pentesting techniques. While they may feature chained exploits, they generally are meant to showcase one concept and are comprised of a single application.

Sherlocks serve as defensive investigatory scenarios designed to provide hands-on practice in replicating real-life cases.


Difficulty Levels

Each Machine has a difficulty level that signifies the complexity and amount of steps in the exploit path. The five different difficulty levels are as follows:

These are simple Machines, with typically only a single main exploit step. They are meant as an introduction to those who are just getting started with pentesting, or are looking to get acquainted with Hack The Box content.

These Machines are still simple but offer a bit more of a challenge compared to the previous level. They generally are comprised of 2-3 steps and have a relatively clear exploit path, with only the most basic scripting required.

Medium Machines are where things can start getting complex. They usually have around 3 steps and may require some custom exploitation. The path is generally clear and free of rabbit holes. Some scripting or programming knowledge may be required.

These are complex Machines with 3-5 steps that involve custom exploitation and chaining together different vulnerabilities. Heavy enumeration may be required, and the path may not always be obvious.

These are the most difficult Machines we have to offer. They are targeted toward highly experienced pentesters who are looking to push themselves to the limit. They typically involve more than 5 steps and can have extremely complex exploit chains. They may include rabbit holes and dead ends.

Machine Types

Machines may be classified into one of four categories: Exclusive (tagged as E), Training (tagged as T), Rank (tagged as R), or Custom (tagged as C).

E - Exclusive content: Content that's available only on the Enterprise platform

T - Training Machine: Machines that are not competitive or ranked, for which there are official writeups available and Guided mode

R - Rank Machine: Machines that are competitive on HTB Labs. These Machines are available to play on Enterprise but there’s no official writeup or guide available. Any completions on Enterprise result in points on HTB Labs.

C - Custom machine: Machines that organizations request to be built specifically for them.That Machine is available ONLY for that organization on Enterprise.


Challenges

Unlike Machines, Challenges have three main categories of difficulty: Easy, Medium, and Hard. These roughly map to the same level of difficulty as Machines of the same level, with the exception that Challenges are focused typically on a single exploit type. Additionally, there is no upper limit on how difficult a Hard challenge can get.

The more difficult a Challenge is, the more Points it's worth.


Playing Machines

You can begin working on Machines by opening up your Dedicated Lab space on the Enterprise Platform. Once you've located a Machine, click on it to be taken to its page. From here, you'll be able to spawn the Machine, access its writeup (if made available by your Admin), and submit flags.

Clicking on View from the list of Machines will open up the Machine's page. This page has four panels:

Play machine:

This interface has the SPAWN MACHINE button and the fields to insert the flags.(And the questions to follow along if Guided mode is on).

About:

This page has the Machine description and the Machine matrix.

Activity:

You can view the Machines activity on this page to keep track of who has solved it and when.

Forum:

Clicking this button will redirect you to the Forum pages related to that Machine.

This will make accessing the forum easy once you feel stuck and seek out some extra information from our community.

Once you Spawn the Machine, you'll be given an IP address. From here, you can begin enumerating the Machine for services and vulnerabilities and begin hacking your way in!

You'll want to make sure you have connected to the lab's VPN server or have a Pwnbox instance ready if you want to be able to access the Machine's IP address. You can read more about Lab Access here:


Click the button below to learn how to connect to your Dedicated Lab:


On each Machine, you'll typically be able to find two flags, user and root. Generally speaking, this can be found in /home/<username>/user.txt and /root/root.txt, respectively. Once you get a flag, be sure to submit it on the Machine's page!


Extending a Machine’s time

Any instance you spawn has a lifetime. Once this lifetime expires, the Machine is automatically shut off. If you're currently engaged in attacking an instance that is nearing its expiration, and you don't want to be interrupted by its shutdown, you have the option to extend the Machine for an additional 8 hours at a time (up to 3 times) by clicking on the timer and 'Extend 8 hours' button.


Playing Challenges

Working on Challenges is very similar to working on Machines, with a few key differences.

  • Challenges are spawned on Docker Instances and are accessible only on the specified port.

  • The IP addresses of these Docker Instances are routable via the internet, which means no VPN is required.

  • Challenges can sometimes have downloadable content. This could be the source code of the application running on the server, or it could be the challenge itself. The downloadable files are zipped, and the password is always hackthebox .


Playing Sherlocks

You can find everything related to Sherlocks in this article :


Search and Organize

You can easily find content by searching by Name or by Tag, this will help you find the exact content you are looking for.

Below the search bar you will see a list of the ten most common tags found in the assigned content. Clicking on a tag will filter out content based on that tag:

Searching for content depends on the Dedicated Space settings. If the content is masked by the Administrator or Moderator, you can only search using the Machine's masked name.

You can also use the sorting options to easily find the Machines or Challenges you seek. The default sorting option is the ‘Latest assigned.’ By clicking on the 'SORT BY' tab, you can select another option from the drop-down: Latest Released, Easy to Insane, Insane to Easy.


Requesting Content to be Added

In your Academy Lab once you are inside a Module Overview:

  1. Scroll to view related Modules and Machines.

  2. Click Request to Add to send a request to your Administrator or Moderator to add that Module or Machine to your Academy or Dedicated Lab. Your request will be sent to all spaces you have a seat in.

  3. Once approved in one of your spaces, the content will appear in the respective space.


Leaderboard

The leaderboard will show points acquired by members of that space only and reflect activity locally.

flags submitted in a Dedicated lab space are only for that space and won't be reflected in other spaces.

To check your activity across all spaces and labs you can check the Activity tab under My Profile.

Did this answer your question?