Designing a box with nested VMs

Hi guys.

I am in the process of putting together a little mini-lab, and was considering turning it into a Hack the Box when I get a bit of time.

The lab consists of a small number of Windows machines (probably three), with a pathway required to hack your way to a second machine via the first. The way I’d probably tackle this is by having an outer box with two VMs inside it, and one of those internal VMs being assigned the HTB accessible IP.

My questions are:

  1. Would HTB allow a machine with nested VMs?
  2. Is there a preferred method of doing this (my current thought is a Hyper-V edition Windows server that itself is a VMware virtual machine, and all the actual hackable machines being inside this)?

Thoughts appreciated.


I think this is an awesome idea. HTB has had boxes with multiple layers in the past (check out Reddish for a retired example).

While it makes life super hard (Reddish took me weeks), there is a lot of value in having a box where you need to pivot internally. It's rare for CTFs to give practice in things like setting up tunnels, proxychains etc.

The best guidance is probably Machine Submission Checklist — Hack The Box :: Forums

Cheers, having a check through that post gives a good idea for the general format and flags and stuff, but I guess the nesting thing is too rare for them to have a sort of policy on.

Agree though, there don’t seem to be a huge number of boxes with these kinds of levels to them, so would be fun to build one including some of the (to be fair, probably not that complicated) stuff I see day-to-day. I think in the end I’ll probably just pull it together at the weekend, submit it and see what they say to be honest.

This is a fucking insanely cool idea! Although I can’t help you much with it, I think it’s a really cool idea!

Cheers, quite pumped to do this now!

@sirboffalot said:

Cheers, quite pumped to do this now!

Sounds awesome man. Love it!