Avoiding DOS


The rules for the site state: “Any form of DoS (Denial of Service) is forbidden
There is no reason to use any form of DoS on any machine inside or outside of HTB Network. If you accidentaly perform such an attack let us know asap.”

I have read several writeups as well as begun to solve several of the machines and challenges and have observed that many require brute forcing tools/dictionary attacks to complete. I am wondering if anyone has any recommendations for how many threads or requests per minute are appropriate when running some of these tools such as dirb, hydra, etc… to avoid accidentally DOSing a box.


Nothing bad will happen if you accidentally DOS a box. If you notice your tools causing issues lower the threads and try again. If a box goes down just revert no harm done. I can’t really give you an answer at the number of threads, because that depends on the box.

That being said if you kick off a 1000 thread dirbuster against every box simultaneously and take down an environment multiple times… Expect a stern talking to.

Ah ok, I was just wondering because I wasn’t so much worried about taking one down as slowing one down and ruining anyone else’s experience. Thanks for the response.