Integrity of Hack The Box

Dear all, after a lot of thought we decided to implement the following changes to ensure the integrity of Hack The Box and make HTB a place that is fair for everyone and the purpose of it is to learn and educate yourself. Read it thoroughly and HTB Staff is here to answer any questions you may have. Happy Hacking, Play Fair and always Think Outside The Box! :smile:

<3

Very interesting stuff - I find it fascinating to see how you guys handle the types of problems that inherently come with a platform such as this. Keep up the good work!

There is one issue I see with the flag rotation:
Currently, the submission of older flags is enabled. But in the future this will not be possible anymore. Seeing how people constantly go on a reset spree on machines like e.g. Traceback, this will cause major issues. Imagine that you just manage to get the flag right before it gets reset. Now, when you submit the flag (which takes at least a few seconds), the flag is invalidated and a false flag submission gets logged on your account. Doesn’t seem fair to me, to be honest.
On machines like Traceback you also just can’t get right back to the user/root account. So you might happen to repeat to submit an old flag again and again, simply because some players reset the machine, right after it booted up, again. Sure, there’s a 2 minute waiting time before it gets reset, but that might happen to be just enough to get the new flag, but not to also submit it.

Just my 2 cents :wink:

So it’s HTB’s trainset and I am not going to argue with their choices but I think this is solving an unimportant problem while boxes like OpenAdmin, Traceback and Book could do with more effort in providing stability. (And I wish people would put critical Linux files as immutable).

Things I’d be curious about - is there a difference between an “old” flag and simply the wrong flag?

Are there any repercussions? If you submit an old flag do you get banned, warned or is there a threshold?

I’ve just re-done Traceback and it’s the exact same flag as when I did it on Sunday (and as far as I can tell the same flag for people on a different VPN). Does this mean it hasn’t been fully implemented yet or is there a glitch (which opens the door for false positives on the “cheater” alert)?

Lastly - should we be stricter with the advice we give out in private messages? Some people will ask enough questions to basically have the flag handed to them and others ask several people to piece it together. This means their flag/rank is not the same testament to their skill as the person who didn’t ask any questions.

> Now, when you submit the flag (which takes at least a few seconds), the flag is invalidated and a false flag submission gets logged on your account. Doesn’t seem fair to me, to be honest.

I agree. But since “old” flags are tracked anyway (if I understand correctly), maybe there should be a “claiming window” after each reset - for example half an hour. Maybe it is there already, but not announced to prevent race of the flag sharing?

I like the changes. To address @HomeSen issues, you can also keep a window with Shoutbox open so you can cancel resets while you are working on something. When I was on free tier, that’s what I did. Paying to be VIP (well worth it for the training and CPEs I get) has made that less of an issue for me now.

> @r0adrunn3r said:
>
> Dear all, after a lot of thought we decided to implement the following changes to ensure the integrity of Hack The Box and make HTB a place that is fair for everyone and the purpose of it is to learn and educate yourself. Read it thoroughly and HTB Staff is here to answer any questions you may have. Happy Hacking, Play Fair and always Think Outside The Box! :smile:
> HTB News | Integrity of Hack The Box

Awesome work,
Keep up the good work @HTB

Good work from @HTB

The purpose of this action @HTB is stopping “sharing flag among any parties (Free/VIP Team)”. I think it can somehow mitigate the sharing flag but not that effective because it works only after RESET. Some machines will encounter issues since they are rapidly reset like what @TazWake mentioned.

I guess there are 2 purposes @HTB wants to do so far:

  1. Integrity
  2. Marketing for VIP account

The availability issue (Rapid reset) is not a MAJOR concern for FREE tier so far. It is a kind of marketing strategy for VIP $$. The concern here is how to keep integrity valuable.

Integrity is quantified in terms of ranking. Ranking can be composed by activities in HTB. The activities that can be identified by the official are obtaining flags and write-ups.

Write-ups should show the value here as it is a kind of solid evidence that the writer/user knows how to obtain the root flag. Even if they have the same flag, it is not that easy to write a report. Some control should be there to increase the effort of an “approved” write-up. So, even if there is a copy cat, the cat needs to pay a great cost to earn the “ranking”. This can protect the value of ranking/integrity.

Or, @HTB can make some special hacking event with a limited time slot and count them in the ranking. Or, some challenge to script an automatic attack.

Just some brainstorm from a new guy =].

This is a great work @HTB!!

I’m a new member, but the community in Discord and the forum is super participative. However, flag sharing is very bad for the community growth.