Penetration testing lab review: Hackthebox Offshore
With the increase of Cloud Computing adoption, many penetration testing labs are emerging every day. From small challenges to enterprise-scale infrastructure, I am sure you will find the right penetration testing lab that suits your level of skills and your career path.
Today, I will review the Offshore lab from HacktheBox based on my experience.
Why I chose a penetration testing lab?
I’ve been learning about Active Directory hacking for a while. I read blog posts on the internet on how it works and how to approach it from an attacker perspective. I also built my own local Active Directory lab and tried hacking it.
However, I didn’t feel I am progressing much. I had to first learn about each attack, then introduce the vulnerability in my lab and attack it myself. I had to spend too much time and effort trying to switch hats between the sysadmin and the hacker. Besides, I wanted to train on a penetration testing lab that mimics a real company, and my computer can’t just spin up such a big lab.
Hackthebox Offshore penetration testing lab overview
This penetration testing lab allows you to practice your hacking skills on a company which uses Active Directory for its core IT infrastructure. Therefore, you will learn so many different techniques to take down most of your clients since Active Directory is widely used, especially in big companies.
Besides that, you will have to hack some Linux machines here and there, from breaching the DMZ to exploiting internal web applications. Throughout the journey, you will collect many flags. Once you have them all, you can request your certificate of completion.
So, I purchased a monthly subscription plus the setup fee, received the VPN connection pack and started my hacking journey!
Offshore penetration testing lab requirements
To be able to take the maximum value from this realistic penetration testing lab, there are some knowledge requirements I recommend you have first. Trust me, it will allow you to totally benefit from the lab instead of banging your head with concepts you could have learned elsewhere, for free!
Web application security
There are many web applications in the lab that you have to exploit before landing on the Windows Domain. If you don’t know how to exploit a basic SQL injection or have trouble understanding the OWASP Top 10, I highly recommend you start there first. In fact, because this penetration testing lab focuses on Active Directory hacking, you will have a hard time getting hold of a Windows machine.
Don’t worry though, you can quickly learn about that in the OWASP Top 10 training I give for free to all those who want to start learning web application hacking.
Active Directory basics
Although this penetration testing lab focuses on Active Directory, there is no walkthrough that will walk you through the steps you need to take. At least, you have to understand and ideally practice known attacks such as Kerberoasting, Pass-the-Hash, DCSync, etc. You will find some references at the end of this article.
If you are looking for a penetration testing lab with a walkthrough, then maybe Pentester Academy’s AD course is the one you should get.
Basic knowledge of Networking
During the lab, you will move through many different subnets, build SSH tunnels, proxy your traffic using SOCKs proxies, get reverse shells, etc. All these operations require you to understand the basics of networking. You should be familiar with Network routing, subnets and SSH tunnels.
If you have done OSCP, you should be fine since there is a chapter about such concepts. Otherwise, there are many Youtube videos that can teach you just that.
How to succeed in Offshore penetration testing lab?
Ok, you have what it takes to tackle this penetration testing lab? Here are the things I suggest you do in order to succeed.
Before going further, I should mention that the entry point is 10.10.110.0/24, which is oddly missing from the Lab, but present in the creator’s blog post, mrb3n.
HacktheBox Discord server
Once you purchase the Offshore Lab, I recommend you join the dedicated channel prolabs-offshore where you can interact with your peers. I made many friends along the journey. We collaborated along the different stages of the lab and shared different hacking ideas. Sometimes, all you need is a nudge to achieve your exploit. Other times, you simply need a hint to start learning about a new attack.
Enumeration, Enumeration, Enumeration!
If I have to tell you the one biggest skill you practice in this penetration testing lab after Active Directory hacking, that would be ENUMERATION!
You will have to properly enumerate your target at all the stages! From asset discovery to post-exploitation. Some attacks require exploiting misconfiguration issues which you can’t achieve without the knowledge you gain through proper enumeration. Some flags are even carefully put in places you can never find unless you dig deep.
Prepare to be surprised
This penetration testing lab is rich in Active Directory attacks, OS distributions, web applications and other services, including encryption! You will surely get stuck at one point or another. Therefore, prepare yourself mentally for that! It is not an easy and straightforward lab and it will teach you that hacking a company is usually a bumpy road with many surprises along the way.
Finished the penetration testing lab? What’s next?
Once you finish the lab and collect all the flags, I encourage you to try other ways. This is a great chance for you to practice Metasploit workflow to speed up your hacking process. Or maybe it’s time to test that Command and Control (CC) Server you’ve been planning to learn. What’s a better opportunity than testing those skills on a real-life playground, ethically!
Conclusion
I hope this article gave you a clear overview of the Offshore penetration testing lab. Don’t forget to unsubscribe from your monthly payment once you finish. And maybe purchase another one from this awesome hacking platform!
References
- Awesome collection of well-known Active Directory attacks: https://attack.stealthbits.com
- The bible of Active Directory hacking: https://adsecurity.org