Hack The Box Dante ProLab

Published on 09.04.2021

Hack The Box Dante ProLab

A short review

Dante is a so called Pro Lab on Hack The Box¹, a plattform to sharpen your information security skills. The Pro Labs come each with extra charges ² and provide you with a set of connected machines. That's a huge difference to the traditional Hack The Box modus, where each machine is in an isolated environment for itself.

My Dante Pro Lab certificate - fancy artwork

Why a Pro Lab?

In comparison to a set of isolated machines, a lab full of connected machines will give you additional challenges.

You have to organize yourself better, since there is more of everything: more machines, more accounts, more credentials ... and the credentials of an user on the first machine maybe will become handy seven boxes later. And after gaining access, and suddenly a lot of machines are in reach, you have to priotize, since you want to harvest the low hanging fruits first.

After rooting a machine, you may not only collect a flag, but you also have to search for stuff that may be the key to another machine. This loot has to be managed systematically. Even if Dante is with 14 machines by far not the biggest Pro Lab, it teaches you this lesson very well.

Additionally, there is the pivoting aspect. To reach most machines, you have to pivot over previously p0wned machines into other subnets. Pivoting is not complex, but the first steps may have a nice learning curve.

Am i ready?

Dante is classified as beginner Pro Lab, and it certainly is. But beginner is a vast field in information security, especially in penetration testing. Beginner shouldn't mean that your first way after solving the Hack The Box registration challenge leads you to Dante. I would say, you should at least be able to root some of the easy Hack the Box Easy machines without help, and if you read an entry article about pivoting³, this should not sound like dark magic to you. The idea of Dante is to simulate a real engagement. You will not get this experience, if every concept in the lab is new.

Dante and the OSCP

If you search for other reviews, you often read about comparisons to PWK / PEN-200 / OSCP⁴. I would subscribe to these views. I earned my OSCP in May 2020, and with an OSCP skillset, there should be no topic in Dante that is completely new. The other way around, if you blast trough dante, earning an OSCP should be in realistic reach.

But is Dante a good preparation for the PWK course? That depends from your view. Offensive Security designed the PWK course as a learning experience, with fitting PDF and video materials. Dante does not offer this. Dante is more comparable to a smaller version of the PWK lab. To solve Dante, you need the knowledge you gain during the PWK lab and the provided study material. But if you have this knowledge already, than it doesn't really make sense to spend time on the PWK course ... I hope you get the point.

Okay, but then Dante is a good preparation for the OSCP exam, right? I don't think so. The OSCP exam is about isolated boxes. So if you want to train specifically for the exam, you want to solve a lot of easy and medium Hack The Box machines to get an adequate level of profiency and build a methodology for this scenario. I did this between PWK lab time and my OSCP exam.

During my PWK, I focused a lot of isolated machine targets, since this the main concept of the exam. Dante gave me the possibility to catch up on the pivoting contents of the PWK. I under-utilized this area during my PWK lab.

Stability

For me, Dante was a very stable lab. The VPN was stable and the boxes were stable. In the Offical forums⁵ are some users experiencing VPN problems at the time of this review. So if you have trouble connecting to the entry point, you may want to take a look there. Of course, you want to use robust and repeatable methods for your persistence access to machines, especially on the machines you use for pivoting. On the entry point of the lab, it can get a little bit crowded ...

Everthing fresh and shiny?

Dante is a very new lab, so all the content is fresh and up to date. There seems to be some kind of continous improvement process in place. During my lab time, a new flag was added (even if the change log does not mention it). The future will show, if the machines are patched continously (yes, i am looking at you, CVE-2021-3156). But I can't tell bad things so far.

Conclusion

For me, Dante was worth the time and money. I could improve my skillset and it provided continiously bits of success. Shoutout to egotisticalSW for this lab!

If you ask yourself, what the heck is Hack The Box, you may take a look at https://www.hackthebox.eu/.
At the time of this post, it's a one time setup fee of roundabout 82€ for each individiual lab and an additional monthly fee of 23,50€, depending on the current Pound to Euro exchange rate. From time to time, there are special offers with reduced setup fees.
The Pivoting chapter in Metasploit unleashed can be a nice entry point.
The Penetration Testing with Kali Linux course (PEN-200 / previously PWK) is an entry level penetration testing course. The corresponding certificate is the Offensive Security Certified Professional / OSCP
https://forum.hackthebox.eu/, there are specific threads in the Pro Lab category.