TryHackMe

The TryHackMe AttackBox is a cloud-based Ubuntu virtual machine that lets you complete tasks directly in your browser, no setup required. It comes pre-installed with the tools needed for most rooms, making it your all-in-one virtual computer for learning and practicing cybersecurity.

Free users can access the AttackBox for up to one hour per day. For unlimited use, a premium subscription is required. Alternatively, free users can connect via <a href="https://intercom.help/tryhackme_help/en/articles/6611809-getting-started-with-openvpn" rel="nofollow noopener noreferrer" target="_blank">VPN</a> for extended access using their own machine.

How do I deploy the AttackBox?

Click on the Start AttackBox button, which is visible when you are in a room:

In some rooms, you can start the AttackBox directly from the Set up your virtual environment task card:

Your AttackBox will start loading in the split-screen view:

Once it is fully loaded, you should see the home screen:

Here are the main options available in your AttackBox:

Find your IP address – it is displayed at the top of the AttackBox or inside the terminal

Open in a new tab – expand the AttackBox to full-screen mode for a better experience

Extend time – add more time before the session expires (default duration is 2 hours)

Shut down – power off the virtual machine when you are done

Exit split view – collapse the split-screen layout (note: closing the room page will not shut down the AttackBox)

1. Find your IP address – it is displayed at the top of the AttackBox or inside the terminal
2. Open in a new tab – expand the AttackBox to full-screen mode for a better experience
3. Extend time – add more time before the session expires (default duration is 2 hours)
4. Shut down – power off the virtual machine when you are done
5. Exit split view – collapse the split-screen layout (note: closing the room page will not shut down the AttackBox)

You can also click the "i" icon to view important details like your IP address, username, and password.

Important: Difference between AttackBox and attached machines

To solve some tasks, you will need to start machines that are attached to that task:

In some rooms, you will see a separate target machine - this is the system you are attacking, not your AttackBox. Make sure not to confuse the two: the target machine has a different IP address than your AttackBox.

In the screenshot above, both virtual machines (VMs) have IP addresses in the <code>10.10.xxx.xxx</code> range, meaning they are on the same network. This allows the AttackBox to interact with the target machine seamlessly.

In some rooms, you may not need to deploy the AttackBox at all. For example, if a room is focused on teaching a specific tool, it might provide an in-browser VM with that tool already installed. This will be clearly mentioned in the task instructions.

Important: The AttackBox stays the same across rooms (unless it is updated), while the target VMs will change based on the room or task. So, if you connected via SSH in one room, do not assume you will do the same in the next as each room may require different steps or tools.

A quick guide to understanding the features and purpose of the AttackBox on TryHackMe.

The AttackBox Explained

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

The AttackBox Explained

What is the AttackBox?

How do I deploy the AttackBox?

Important: Difference between AttackBox and attached machines