Overview
I recently completed the Dante pro lab from HackTheBox. Dante is a realistic simulated corporate network aimed at junior penetration testers. In This post I will give my review and some recommendations for Dante.
Review
Dante is the most junior of the pro labs that HackTheBox offers so it was the obvious starting point for my intro into pro labs. Dante covered many different topics such as:
- Enumeration
- Exploit Development
- Lateral Movement
- Privilege Escalation
- Web Application Attacks
I’d say that it covered all of these topics from the marketing of the pro lab. Some are covered more heavily that others which is to be expected. For example there was more web exploitation and lateral movent than exploit development, and oh boy was there a lot of lateral movement.
While there is a good amount of interconnectivity and dependency between the boxes it can sometimes feel like a bunch of HackTheBox machines networked together. As you pivot deeper into the network some machines will require pieces of information from boxes you should have done previously, so you cannot afford to neglect post-exploitation and pillaging. However you will get very comfortable with working through pivots, dante will make you work through many pivots at once. Dante also has a big focus on enumeration, you need to be sure not to miss anything or you may be in for a rough ride.
The machines in Dante on the whole felt more realistic than your average HTB box. You will still see a lot of the pattern of exploit > access > privesc that is present in regular boxes. Still Dante featured some exploit paths that are only really possible in a networked scenario like this that you wouldn’t see in a standalone box.
I would recommend Dante to anyone who wants to practice Junior level penetration testing techniques. I found the content to be on par with OSCP so if you are preparing for OSCP Dante could be a great option for you.
Tips
Pivoting
You will have to make and work through multiple pivots during your time with Dante, in fact I’d even say that over 90% of your time will be spent working through at least one pivot. This is why I’d recommend learning how to use Ligolo-ng, learning this will save you so much time and heartache when making and using your pivots. It has better performance than using something like a SOCKS proxy and let’s you keep the full functionality of IP. I was able to run full port scans over multiple pivots in a timely fashion using this tool, I’d die of old age trying something like that over SOCKS.
Post-Exploitation
You will come across situations where in order to progress you need a piece of information from a previous machine. This is why it is very important to keep detailed notes and maintain a loot collection of sorts. I ended up making a note full of all the loot I found which came in handy multiple times.
Keep It Simple
Dante is designed for junior penetration testers and other beginners. You wont need to do any super fancy or complex exploits within Dante. If you find yourself looking at some strange or esoteric exploit path you are probably not on the right track.