Advice and answers from the TryHackMe Team

TryHackMe AttackBox

Updated at November 1st, 2021


TryHackMe offers subscribers a virtual machine which can be accessed directly in your browser. It is also connected to the wider internet, so you can connect to it over RDP or SSH, if you prefer. 

The "TryHackMe AttackBox" is considered the first choice when completing TryHackMe content. This machine is built to be as responsive as possible, containing all the necessary tools from Kali, but also other tools that you wouldn't find installed on Kali otherwise, including:

  • Docker
  • Empire & Star Killer
  • Gobuster
  • RustScan & Ciphey
  • Metasploit 5.101
  • ELF/EXE & Java Reverse Engineering tools
  • Other pentesting-related goodies including enumeration scripts, windows binaries and more!

You can read the changelog here

To name a few! The "TryHackMe AttackBox" can be accessed here, or via the "Start AttackBox" button in a room: 

Deploy the machine as you would any other on the site. It will take a few minutes to start, and will give you a display that looks like this:

The password is autogenerated on startup and will be different each time. You will be automatically logged in using the in-browser connection, so should only need the username and password if using SSH or RDP.

If you are presented with a white screen asking you to log in, please terminate the machine and redeploy. If the problem persists, email [email protected], or ask in the TryHackMe Discord server.

Connecting to the AttackBox using RDP

In circumstances where the in-browser machine isn't performing as you expected (such as when the site is extremely busy in events like AoC), or you wish to share resources like clipboard and files easier, you can use the Remote Desktop Protocol (RDP).  

Record the IP address, Username and Password into a text file and close the  "My Machine" page to continue. Remember that the Machine will still expire, be sure to set a timer and check the "My Machine" frequently.

If you are a non-subscriber, you will need to connect to the THM OpenVPN as internet access on the AttackBox is a subscriber-only feature.

I'm Using Microsoft Windows

1. You can connect using the application already provided by Microsoft: 

2. Provide the IP address of your attackbox. Non-subscribers must connect to the THM VPN and use the "Internal IP", where subscribers do not need to be connected to the THM VPN and can use the "Public IP"

3. Type in the password that you would have noted down into a text file from the "My Machine" page. Note that you cannot copy and paste the password as a security measure: 

Did this article help you?