What is the AttackBox?
The TryHackMe AttackBox is a cloud-based Ubuntu virtual machine that lets you complete tasks directly in your browser, no setup required. It comes pre-installed with the tools needed for most rooms, making it your all-in-one virtual computer for learning and practicing cybersecurity.
Free users can access the AttackBox for up to one hour per day. For unlimited use, a premium subscription is required. Alternatively, free users can connect via VPN for extended access using their own machine.
How do I deploy the AttackBox?
Click on the Start AttackBox button, which is visible when you are in a room:
In some rooms, you can start the AttackBox directly from the Set up your virtual environment task card:
Your AttackBox will start loading in the split-screen view:
Once it is fully loaded, you should see the home screen:
Here are the main options available in your AttackBox:
Find your IP address – it is displayed at the top of the AttackBox or inside the terminal
Open in a new tab – expand the AttackBox to full-screen mode for a better experience
Extend time – add more time before the session expires (default duration is 2 hours)
Shut down – power off the virtual machine when you are done
Exit split view – collapse the split-screen layout (note: closing the room page will not shut down the AttackBox)
You can also click the "i" icon to view important details like your IP address, username, and password.
Important: Difference between AttackBox and attached machines
To solve some tasks, you will need to start machines that are attached to that task:
In some rooms, you will see a separate target machine - this is the system you are attacking, not your AttackBox. Make sure not to confuse the two: the target machine has a different IP address than your AttackBox.
In the screenshot above, both virtual machines (VMs) have IP addresses in the 10.10.xxx.xxx range, meaning they are on the same network. This allows the AttackBox to interact with the target machine seamlessly.
In some rooms, you may not need to deploy the AttackBox at all. For example, if a room is focused on teaching a specific tool, it might provide an in-browser VM with that tool already installed. This will be clearly mentioned in the task instructions.
Important: The AttackBox stays the same across rooms (unless it is updated), while the target VMs will change based on the room or task. So, if you connected via SSH in one room, do not assume you will do the same in the next, as each room may require different steps or tools.