The AttackBox explained
Written by Gonzo
Updated over a week ago

What is the AttackBox?

TryHackMe's AttackBox is an Ubuntu Virtual Machine hosted in the cloud, allowing you to complete many tasks in our rooms. Think of the AttackBox as your virtual computer, which you would use to conduct a security engagement.

It comes conveniently equipped with all the tools you will need to complete most of our challenges and is available in-browser with the click of a button.

You will need a premium subscription if you wish to use the AttackBox for more than one hour daily. Alternatively, you can connect to our VPN for as long as you need with a free subscription.

How do I deploy the AttackBox?

Click on the "Start AttackBox" button, which is visible when you are in a room:

You will see your Attackbox loading in the split view:

Once it's fully loaded, you should see the home screen:

(1) You can find your machine's IP address in your terminal or at the top of your attack box screen.

You have a few options at the bottom left corner of your AttackBox:

  • (2) You can expand your window to full-screen by opening your attack box in a new tab.

  • (3) You can add some time to your attack box (it typically expires after 1h45minutes),

  • (4)Shut down the VM, or (5) exit the split view (closing the rooms page won't terminate the AttackBox).

  • You can view information (IP address, username, password) by clicking on "i"

Important: Difference between Attackbox and attached machines

To solve some tasks, you will need to start machines that are attached to that task:

In some rooms, these are the machines you are attacking, not to be confused with your AttackBox. Notice how this machine's IP address is different from the one you can see on your box:

In the screenshot above, both VMs have an IP in the range, meaning they are on the same network. This allows you to interact with the attached machine when using the Attackbox.

In some cases, you might only need to interact with the attached VM (without needing to deploy the Attackbox). For example, if the room is teaching you how to use a specific tool, you can access an in-browser machine with that tool installed (this will be detailed in the task).
The key takeaway is that the Attackbox will always be the same (except when we update it), whereas an attached VM will always differ depending on the room/task. That means that if you used SSH to connect to a machine in the previous room, that wouldn't necessarily be the case for every other room.

Did this answer your question?