Anywhere to submit a VM download challenge?

I'm new here, and so far really enjoying it (just got my first root flag, on the Bastion machine) but I'm struggling to find a place for something I'd like to submit for others to try and hack.

I've created a Windows VM that has various exploitable aspects along with some flags to capture, but the problem is for some of the priv escalations the files on the machine would have to be modified... so this wouldn't work if multiple people are trying to hack it at once (which I believe is how all of the VMs listed in the Machines section work, but correct me if I'm wrong and there's some way for people to all get their own instance).

I looked at the Challenges section and whilst there are some downloadable ones, they all seem to be small files rather than VMs.

So is there anywhere on this site I can submit such a VM for others to try hack, or is that just not an option here? If not, is it possible to upload the VM elsewhere and at least start a thread here for people to discuss how they're getting on with it or is that not allowed?

Thanks
Chris

Comments

  • edited July 25

    This should be rather obvious actually from the layout of the HTB website but why figure it out yourself:

    • Go to hackthebox.eu
    • Go to machines
    • Go to new submission

    Whilst we are on the topic, make sure you've read, and complied with, the rules stated here (<-- hyperlink)

    center

  • Yeah you can't submit a machine like that on HTB, because as you pointed out, multiple people need to be able to simultaneously exploit it.

    You can either tweak the box to better fit the rules, or you can look at submitting it on Vulnhub (where you download the VM to exploit locally). There would be nothing in the rules then against creating an thread in the Off-Topic section of the forums where you can notify people of your box, and they can choose to discuss it if they are interested.

    Also,

    @Center is there really a need to be so hostile?

    Mech

  • edited July 25

    @Center maybe instead of a sarcastic comment, actually read my post? All of those machines are single instance that multiple people attack at once right? If that's not the case please correct me, but all the ones I've seen so far that seems to be the case. That will not work for this machine as you need to modify files on it (therefore breaking it for other attackers, or skipping them ahead in the priv esc).

    I'm trying to make it realistic and have services and scheduled tasks etc that have bad config that allows an attacker to replace things to get their own code running as a different user, but obviously if one person replaces a file on a single instance of a machine then it is going to affect everyone. Maybe this site is just not suitable for VMs like this, but that's what I was asking just in case I had missed it when looking around.

  • edited July 25

    @mech said:

    Yeah you can't submit a machine like that on HTB, because as you pointed out, multiple people need to be able to simultaneously exploit it.

    You can either tweak the box to better fit the rules, or you can look at submitting it on Vulnhub (where you download the VM to exploit locally). There would be nothing in the rules then against creating an thread in the Off-Topic section of the forums where you can notify people of your box, and they can choose to discuss it if they are interested.

    Also,

    @Center is there really a need to be so hostile?

    Thanks, I'm glad someone actually read the post and didn't skim through it then call me stupid :)

    OK cool if there's no problem with linking to a vulnhub upload in the off topic section then I'll upload it there and do that. Thanks!

  • @ChrisTo No worries, good luck :)

    Mech

Sign In to comment.