HackMyVM Writeups (1)

What is HackMyVM?

Picture: Screenshot: Sign Up | HackMyVM

Do you know about CTF (Capture the flag)?

In the IT field, CTF is a gamified version of hacking, where the objective is to extract information from a given machine. The information to be extracted is called a "flag". Players identify vulnerabilities within the machine, exploit them, and retrieve the flag.

For a machine to be a viable target for CTF, it must contain flag(s) and vulnerabilities that allow penetration. However, preparing such machines physically is nearly impossible: in the course of capturing the flag, players gain administrative privileges on the machine, which enables them to make any changes.

To enable multiple players to participate in the same "game", each player needs to be provided with identical machines. Virtual machines serve this purpose perfectly.


HackMyVM is a free online CTF platform that distributes target machines as VirtualBox machines. Players run the target virtual machines on their own computers.

VulnHub is a similar, well-known free platform. It is larger than HackMyVM, offering a vast array of target machines, players, and resources such as walkthroughs and videos.

Both platforms are excellent, but HackMyVM stands out from VulnHub in the following ways:

  1. It keeps records of which machines you have cleared.
  2. It has a points and ranking system.
  3. It provides a list of walkthroughs written by other players.

Item (3) in particular is invaluable. When you're stuck, you don't need to search for help, and you can easily explore multiple strategies. While the general approach may be similar, the tools used, the methods of finding vulnerabilities, and the sequence of attacks can vary from player to player. There is much to be learned by comparing them.

Although it has fewer machines than VulnHub, HackMyVM offers 242 virtual machines at the time of writing. Not too many, not too few. Together with (1) and (2), this makes me feel compelled to conquer them all.

Getting Started with HackMyVM

Creating an account

Sign Up | HackMyVM

All you need for signing up is a unique username and password. Since no contact information is necessary, password resets are not supported. Make sure not to forget your login credentials.

Installing VirtualBox

VirtualBox is necessary for running the target virtual machines.

Downloads – Oracle VM VirtualBox

Downloading and Running Machines

In HackMyVM, the targets are referred to simply as "machines". After logging in, navigate to the "Machines" section on the left side of the screen to download your preferred machine.

Once downloaded, launch the virtual machine image using VirtualBox. You may need to adjust the network settings accordingly.

Other Platforms

There are platforms that provide cloud-based target virtual machines for each user:

These are general information security learning platforms rather than just CTF platforms. Although they are subscription-based, they provide learning materials of excellent quality and quantity. In addition to target machines, they offer machines for use in attacks. While usability may not be very good, everything from learning to playing CTF can be done within the browser.

For those seeking structured learning experiences, these platforms are recommended over HackMyVM or VulnHub.

Thought

The process of searching for vulnerabilities and trying to attack is essentially learning penetration testing techniques. Through HackMyVM, you can gain a more concrete understanding of information security. Give it a try!