Review of HackTheBox — Pro Labs : Rastalabs

Introduction

RastaLabs is designed to simulate a typical corporate environment, based on Microsoft Windows systems. Elements include Active Directory (with a Server 2016 functional domain level), Exchange, Internet Information Services, SQL Server, and Windows 10 workstations. Machines are also segregated across multiple subnets.

The following are the prerequisites for the lab

• Solid understanding of red teaming/penetration testing or blue teaming/security administration of AD environment.
• Solid formality with Active directory and PowerShell scripts.

Lab Network

Rastalabs — Environment

About The Lab

RastaLabs is hosted by HackTheBox and designed Active Directory Lab (Server 2016), Exchange, IIS, Sql Server and windows 10 client.

All machines are AV Patched and your exploit won’t save you :(

The focus of the lab is on a Windows Active Directory environment, where players must get a foothold, increase privileges, be persistent and move laterally to reach the final goal of Domain Admin.

Topics Covered in Lab

• Phishing (OSINT)
• Powershell
• Active Directory enumeration & exploitation
• Lateral movement
• Attacking kerberos
• Persistence techniques
• Patience & perseverance + Creative thinking

Worth or not ?

This lab is fantastic. It provides a great environment to learn AD exploitation on current technology and develop skills that are actually applicable to real-world scenarios. “Rastalabs is not a begineer-friendly lab”.

For a kick — try this lab :)

My review ?

RastaLabs is one of the best pro labs on HacktheBox and is definitely worth every penny. The journey starts from social engineering to full domain compromise with lots of challenges in between. I personally recommend this pro lab and the best part is RastaMouse/ HackTheBox keeps updating it in time to time.

There is an awesome course by RastaMouse if anyone is interested — https://www.zeropointsecurity.co.uk/red-team-ops

Reference Links

• https://adsecurity.org/
• http://blog.harmj0y.net/
• https://chryzsh.gitbooks.io/darthsidious/
• https://www.ired.team/
• https://www.mdsec.co.uk/blog/
• https://pentestlab.blog/
• https://www.trustedsec.com/blog/
• https://rastamouse.me/blog/

Conclusion

Fig 1.4 — Certification from HackTheBox

Thanks for reading the post.

Thanks to Rasta Mouse for creating such a great Lab & HackTheBox for hosting and i specially thanks to support team.

Special Thanks to — Pavel, Anurag, Kishan, Faisal, Sultan, Ajay, Raghav, Adhokshaj, Avinash, Aseem, Dhairya, Mayank Lau, Sharma Ji, Amol, D3, Rahul, Vivek, Prashant, Sarthak, Rishabh Dangwal, Vipin Kumar, Akshay Jain, Shubham, lakshay & all my friends who always motivate/guide me to try new things. Also, thanks for motivating me to write this blog.