Best 3 Hack The Box Challenges For Beginners

hack the box setup with R U Coding Me

Share This Post

What is a HackTheBox Challenge?

Hack the Box Challenges are virtual machines you can download onto your system and exploit without worrying about hacking a real system. There are other great resources, such as vulnhub and picoCTF that also have the same idea. These beginner CTF (capture the flag) challenges are great ways to practice cyber security tools as well as gain confidence in ethical hacking or red team security. While CTF challenges are usually within a time period, hack the box challenges can be started at any time!

It’s important to note that R U Coding Me only condones the safe practice of ethical hacking. These tools should only be used on authorized machines -otherwise it is considered black hat hacking which is illegal. As long as you set up your VM environment correctly, you shouldn’t have to worry about this -as it is your machine. Now let’s get hacking 😎


Virtual Machine Setup

Virtual machines are nested Operating Systems (OSs) within your main OS. We can think of this like partitioning off part of a sandbox into yet another sandbox. With that in mind, it is important that the sand from our mini-sandbox does not cross over into our main sandbox and vice versa. When our virtual machines our isolated from the host, we can perform anything we want within the mini-sandbox without bringing any information to or from the host. Thus, we can remove our workstation entirely should we need to and still have a fully functional main computer.

Before you begin, it is recommended to have at least:

  • 8 GB of RAM
  • i5 Processor (equivalent) or higher
  • 32 GB of storage

for your system. It is important that each virtual machine has enough juice to operate without straining the main system.


Configuring Your Testing VM

You will most likely want to install Kali Linux for your testing virtual machine. Kali is a Debian-based distribution of Linux (same family as Ubuntu or Mint), that comes packaged with several penetration testing tools. Another alternative is to download your flavor of Linux and install the tools that you need as you go. Either way, it is important that this distribution is within a virtual machine.

Generally speaking, there are two popular options when it comes to virtualization: VMWare and VirtualBox. Both have the pros and cons, but this will depend on the challenge box that you are working on. We recommend you pick on and stick with challenges that have the corresponding download for your software. Since I have more experience with VirtualBox, I will base my examples off of VirtualBox

With your software installed, you can import Kali Linux (or Ubuntu, Manjaro, etc.) into your VM software. VirtualBox can accept .ova file types that allow you to import a virtual machine directly into the software. If you cannot obtain a .ova file, you can go through the wizard to set it up for you. USE THE RECOMMENDED SPECIFICATIONS. If you have some extra horsepower, you can allocate some more to the VM, but it is generally a good idea to save a few GB of RAM and a processor for your host. This way, your VM will run as smooth as possible!


Importing Your HackTheBox Challenge

Now that you have your hacking station ready to go, it’s time to set up a hackthebox challenge. Navigate to your challenge on the hackthebox website and download the correct file format for your virtualization software. You should be able to click the import button, select the file and approve of the VM settings before installing it on your system.

Once you have this installed, you’ll want to set up a virtual network. In VirtualBox, this allows for your virtual machines to talk to each other, however, they do not have access to the open internet. This is especially important, because you want to target your VM and not your neighbor’s smart TV for this exercise. In VirtualBox, this is referred to as an internal network. You can quickly set up a virtual network for your virtual machines by selecting the network adapter type to the same virtual network you created.

This configuration will allow your virtual machines to talk to each other, however, they will not have internet access. This is a good thing, because it prohibits any malicious activity from escaping your virtual network and reinforces you to work on the solution without looking up answers. Kind of a two-birds-with-one-stone kind of deal!

Top 3 Open Capture The Flag Challenges

Capture The Flag challenges have a wide range of skills that they can test you on. A lot of these involve programming experience or at the very least BASH scripting, which is another reason to learn programming. Additionally, there are challenges that involve mastery of software/techniques such as password cracking, host discovery and privilege escalation. Keeping this in mind, we will recommend our top 3 picks with entry skill level as our main consideration.

PicoCTF Challenges

PicoCTF was developed by the Carnegie Mellon University as an open playground for cybersecurity challenges! It is an open website that hosts challenges live 24/7 so you can gain experience hacking whenever you like. So long as you access the endpoints they provide and you sign up, they will grant you permission to ethically hack their systems through a series of jeopardy-style challenges.

Of all the challenges, PicoCTF is the most beginner friendly as it has many categories, write-ups and walkthroughs in case you get stuck. Additionally, you do not need to set up a target VM or virtual network; you only need your workstation VM. With this in mind, Pico is our top pick for those with next to no experience with cyber challenges.

Metasploitable 3

Metasploitable 3 is the first box we would recommend you try out, as there are several vulnerabilities built in! This one requires more elbow grease to get set up and working on your system, however, the resource linked provides documentation on how you can do this. Configuration will take a little bit of time and patience, however, the challenges are well worth the effort!

Once you have the virtual machine on your private network, you can begin hacking from your workstation VM! One helpful trick I always employ is to minimize the target VM window. This will emulate a real attack as you will not have access to the virtual machine in a real scenario.

Mr. Robot

Based around the popular hacking TV show, Mr. Robot is a progressive CTF that requires you to solve each challenge in sequential order. The ultimate goal is to gain complete control over the target VM (become the root user). There are several clever tricks you can use to leverage your way through the target system, however, this one is the most difficult challenge we would recommend to beginners.

While this is quite a challenge, we recommend you work your way up to Mr. Robot eventually! It is quite a rewarding feeling being able to gain access to a remote machine and escalating your role to root. The objectives from these challenges are commonly depicted in movies and put into perspective how hard it can be for hackers to “get in”. They also point out some important security features you should employ on your devices.

Wrapping Up

There are several great resources out there to start your offensive security training. Be sure to practice consistently, ethically and safely, as these factors will help you become a better white-hat hacker.

Let us know your experience with CTFs in the comments and if there are any resources you would recommend for folks new to cyber security!

That's weird... something went wrong. Please try again.
Welcome to the R U Coding Me Newsletter!

R U Coding Me Newsletter

Subscribe to our newsletter and stay updated.

We use Brevo as our marketing platform. By Clicking below to submit this form, you acknowledge that the information you provided will be transferred to Brevo for processing in accordance with their terms of use

Are You Coding?

If the answer is no, you’re probably missing out on a large opportunity here. And yes, I said the name!

Our FREE developer resources will help you start programming. Additionally, consider applying for mentorship to accelerate you to your career. Click on the Student button below to get started. It will take you to our available courses and any relevant materials to help get you started.

Ready to take your business to the next level? Creating a robust solution in a short amount of time is hard to do if you’ve never done it before. Plus, why should you juggle yet another project with your business? Click on the Business button below if you’re looking to scale your current business online but don’t want to spend a few years to learn how to do it. It will take you to our services so you can see what would best work for you.

More To Explore
The Ultimate Guide to Staying Safe Online

FacebookTweetPinLinkedInEmail Why is Digital Security so Important? With many gadgets and gizmos comes great risk to cyber attack. Protecting your online information is important, because

R U Coding Me LLC