If you are just starting into pentesting or if you are an expert in it, you should definitely know about HackMyVM. HackMyVM is a platform created by sML around 2020. This is similar to another platform called Vulnhub. In this post, I will try to cover as much as possible about it and my involvement with it. So, let’s get started — HackMyVM – Platform for Vulnerable Machines.
To understand what HackMyVM does, we have to understand what vulnerable machines are. If you don’t want to end up in a prison, especially new hackers, you cannot try testing websites on the internet without consent. But before that, you also need to understand the vulnerabilities that can be present in a system. Therefore, many people create virtual machines with one or more vulnerabilities.
Generally, other people have little to no information about the vulnerabilities on the machines. Thus, they have to find a way inside them. The most common way to enter into a machine is using the hosted websites on them. After one enters into the machines, there are two flags placed – user and root. These flags are pieces of text that can be in any form, mostly a plain file. Other times, they can be inside a database, in an image, etc. So, as you can guess, the aim is to get the root or administrator access to the boxes (machines). You can check my writeup of the very basic first machine of the platform.
So, there are many platforms out there like HackMyVM, Vulnhub, HackTheBox and TryHackMe to name a few. HackMyVM and Vulnhub are free to use and you have to download the virtual machines on your own workstations. On the other hand, virtual boxes are hosted online for the other two mentioned platforms and they are not completely free.
HackMyVM – Why is it special?
As I said, there are several platforms that do similar jobs. But why is “HackMyVM” special? The main reason is it focuses on the quality of the overall platform. Likewise, the ideas are entertained as well. Similarly, it is growing at a fast pace with new features coming often. Most importantly, the machines are often lightweight and well tested by both the creator and the moderator, sML. In addition to this, the community is so welcoming. You can check the following link for more information.
You can join the HackMyVM platform anonymously or by creating an account. With an account, you can join the competition and ranking. To give brief information, you get points for capturing flags and writing writeups about the machines. In a similar manner, you also get badges depending on your actions on the platform. For instance, you get the “FirstRoot” badge if you get the root flag first of any machine for the first time.
As of the writing, there are 146 machines, 2690 hackers and 312 writeups on the platform. The machines are further categorized by difficulties – easy, medium and hard. So, pick a machine, download it and import it in VirtualBox. However, you also have to join the Discord community to take full advantage of the community help.
The post isn’t finished yet. Recently, the new feature HMV Labs was introduced. These labs are hosted in the cloud and one has to log in via SSH. These labs are different from other machines because they are created by the creator with a lot of missions inside them. On the other hand, anyone can submit the machines that I was talking about earlier. If you want to understand how HMV Labs work, check out my write up of the first lab “Venus”.
Donate if you can
Since this platform is community-driven, there is a certain amount of time spent to create the machines, maintain the platform, pay for the platform, write writeups, etc. So, if you have some money to spare, please tip the creator to keep up the motivation. The link for the donation is below.
Or if you want, you can donate to me too ?. But, I don’t have any easy payment methods in my country right now except wire transfer. ??
By no doubt, the platform is great and I suggest anyone be a part of it. You won’t regret it. I also need support to continue my work. So, please keep following my blog now and then. I have written walkthroughs for the HMV machines. You can check them from the link below. Till then, Namaste!