The AttackBox Changelog

View the features & changes we have made to the in-browser AttackBox

Written By TryHackMe Staff (Liquid error: internal)

Updated at February 23rd, 2021

V2.8: RustScan, Ciphey & Housekeeping% - (Current) - 22/02/2021 

We've updated and included a few popular tools that are long overdue & performed a bit of housekeeping. Notably:

- Everyone's favourite RustScan (2.0.0) has been set up on the machine. Learn how to use it here (please note that we are not providing support for this tool -- it has been installed due to popularity). We've added the convenience of adding an "alias" to make your life easier. For example, you can scan a target using rustscan -a vulnerable_thm_instance_ip_here

Ciphey, the encoding cracker has also been included on the machine. Learn how to use it here (please note that we are not providing support for this tool -- it has been installed due to popularity) 

- Updated the locally running install of CyberChef (this means that non-subscribers can use CyberChef without internet access - access via the bookmark in Firefox!)

- We have installed CeWL (Custom Wordlist Generator) Learn how to use it here (please note that we are not providing support for this tool -- it has been installed due to popularity)

- Updated WPScan's database - now it won't complain to you (for now anyway...)

- A few other miscellaneous updates to keep the AttackBox nice and fresh!

The AttackBox has also had a new face change! Out with the gradient-patterned background -- in with the THM background. Minimalism meets corporate branding 😎

Have a deploy & let us know your thoughts/suggestions via our feedback form! 😎

~ CMNatic

V2.7: Auto-joining Networks (THM Networks prep) - 12/02/2021

Whilst the AttackBox has always been on the TryHackMe network (requiring no VPN to access normal rooms) - this never applied to networks such as Throwback (where you would have to download your Throwback VPN file onto the machine)

We're glad to announce that the AttackBox now automatically downloads & connects to the TryHackMe networks that your account has access too. For example Holo and Wreath below:

You can view your IP address for the network you wish to work through using the normal access page or via system commands ip addr or ifconfig. Please do not run these using OpenVPN - the AttackBox automatically does this for you.

~ CMNatic

AoC 2020 - (02/12/2020)

  • Installed CyberChef locally so that non-subscribers can use this tool without any internet access. Simply click the bookmark in Firefox like normal
  • Added PHP reversehells (/usr/share/wordlists) & other AoC documents (this will be updated as the days progress to avoid spoilers)
  • More Wordlists (/usr/share/wordlists)
  • Housekeeping

~ CMNatic

V2.1: Starkiller & Empire (Pre-AoC 2020) - 30/10/2020

Fixed Starkiller & Empire which did not previously work due to issues with compatibility on the operating system. Empire has been moved to Docker, instructions for use are placed in /root/Instructions/empire-starkiller.txt

V2: The Fixed Metasploit Edition - 24/10/2020

Apologies for the delay in getting this breaking issue resolved...Implementing a fix that wouldn't drastically disrupt how Users interact with the AttackBox wasn't easy. Happy hacking!

Major changes:

Resolved issues with how the PostgreSQL database for Metasploit had a high chance of failing to connect, meaning things like db_nmap could not be used. This was due to conflicts & various configurations needed to "hack" Metasploit into allowing the "root" use Metasploit. 

Please do not use "msfdb init" to initialise the database as it will not work. The database is now automatically initialised in a specific way to resolve the aforementioned issue. You can verify that the database is connected by using "db_status" in the Metasploit console - as illustrated below:

An un-successful connection would look like the following screenshot:

If you experience this, please terminate and redeploy the AttackBox instance. Any further occurrences should be reported via either the THM Forum, Subreddit or Discord:

Minor Changes:

Small QoL improvements.


V1.2 - 02/09/2020

Major Changes:

Re-installed John to include the full set of tools and Hashcat with the correct OpenCL run times for AWS. You no longer need to use "--force" with Hashcat and will no longer risk false negatives/positives. They can be found in /opt/john and /opt/hashcat respectively


THM IP address of your machine is now displayed in the top-navbar of the Desktop like such:


V1.1 - 01/09/2020

Major Changes:

Removed Metasploit 6 and installed Metasploit 5-101 for site compatibility after Rapid7 recommending that Metasploit 6 is not to be shipped to Kali & ParrotOS


"Empire" and "Starkiller" for the release of THM Networks

Installed Docker, Docker Compose, GoBuster, Pwntools, JD-GUI and JADX 

Updated and upgraded "APT cache"

"Tools" and "Wordlists" to file explorer bookmarks:

Removed / Fixed:

Errors when "apt updating" due to broken/expired apt sources


V1 - Base

Created machine


Was this article helpful?