Back in late February, I took a bit of a break after passing my OSCE exam. Of course, it wasn’t too long afterwards that I got that itch of “I need a new challenge.” A few people that had recently taken the OSCE were discussing RastaLabs, and how awesome it was, so I followed their lead and ponied up the lab fee. The fee itself is a bit steep (or initially that’s what I thought), but after having gone through the lab, it is 100% completely worth it…without a doubt.
RastaLabs is hosted by HackTheBox.eu, and you’ll have to pass their initial challenge in order to sign up for anything on their site. The lab (RastaLabs specifically) is a simulated (mostly) Windows environment, with one or two other OSes mixed in. The Windows versions are all Win10 on the desktop, and Server 2016. Searchsploit/Exploit-DB will be of no use to you here, previous OSCP’ers. No CVEs, no simple LFIs, none of that.
The environment simulates a moderately security-conscious network for the most part. Along the way, there are flags that help to guide you throughout your path. In full disclosure, I did not get all the flags (*sad trombone*), but the goal is getting DA, not just the flags. As of this writing, I still have some time left, and will probably go back and get the few that I missed. (except for one, because…just no).
A Common Question – How do the OSCP Labs Compare to RastaLabs?
As I mentioned above, searchsploit, Exploit-DB, etc. will be of no value in this lab.
Here’s what the OSCP labs will help you with:
- Developing the penetration tester mindset (aka Try Harder!)
  - I used to get sick of hearing this, but it’s entirely true!
- How to identify and search for known vulnerabilities
- Getting shells
- Documentation (it doesn’t teach you this directly, but it will definitely help you hone the skill)
- Basic ways of transferring files to/from compromised hosts
The OSCP labs are designed to give you exposure to many different vulnerabilities. They typically do not simulate a real-world environment, although I’m sure there are some out there like that. You’ll hone your enumeration skills, as some machines have hints and other juicy info that will help you crack other machines in the lab.
Here’s what RastaLabs will help you with:
- Active Directory enumeration
- A deeper understanding of AD
- Attacking Kerberos
- Lateral movement
- More enumeration…
- Persistence techniques
Hopefully that gives you a better idea of what to expect if you’ve already taken the OSCP. They’re both great experiences, just in their own way. You will undoubtedly learn a ton in each lab.
One thing that several others have mentioned (and I’ve experienced) is that sometimes you expect/know a certain action should be taking place on a lab machine, but it’s not for whatever reason. Perhaps a script failed/got hung, or someone else in the lab left the machine in a state of borkedness. While this will also be true in a real environment, trying to sort out what should be happening vs. what is actually happening can be frustrating in a lab environment. You cannot revert these machines, as you can with the OSCP labs. You can reboot them, but not revert.
RastaMouse is typically very responsive to requests for assistance, but if he’s offline or otherwise unavailable, you’re stuck for the moment. I ran into a few instances of “I don’t think this is supposed to be that way” – but that’s going to happen in any lab environment that is simulating a working network. Deal with it, as they say.
All in all, well worth the investment from a time and cost standpoint. I learned a lot that will help on future engagements, and having a full working lab to hone your skills on PowerShell Empire is fantastic. You will come away with a deeper understanding of what it can do, and the problems it can help you solve. I know one of the tasks I could’ve used on an engagement a few months ago…I was bummed that I wasn’t aware of this one certain technique at the time! (Sounds like a clickbait-y headline: Hack all the things with this ONE WEIRD TRICK!!)
Props and such to Mr. Mouse for getting this up and running, and all the hard work that went into it. Props also to harmj0y (and many others out there) for all of their work in putting the research and time into their craft, and then sharing it freely. That’s the best part of this field to me…all these brilliant people who dedicate themselves to it and then pass their knowledge along to you at no charge whatsoever. That’s pretty incredible.
Credit is also due to the following people for their time, knowledge, and assistance:
Xpirabit –> https://twitter.com/xpirabit
Dominik Schaudel –> https://twitter.com/dschaudel
Now, go forth, and hack the things!