Hack The Box — RastaLabs Pro Lab Review

swzhouu
3 min read · Apr 22, 2022
RastaLabs proudly presented by RastaMouse

RastaLabs

RastaLabs is a virtual Red Team simulation environment, designed to be attacked as a means of learning and honing your engagement skills. The focus of the lab is operating within a Windows Active Directory environment where players must gain a foothold, elevate their privilege, be persistent, and move laterally to reach the goal of Domain Admin.

Prerequisites

  • Familiarity with Penetration Testing tools and techniques
  • Working knowledge of the Windows Operating System
  • Decent understanding of Windows Active Directory
  • Practical PowerShell knowledge

What will you gain?

  • Phishing
  • Situational Awareness
  • Local Privilege Escalation
  • Windows Active Directory Enumeration and Exploitation
  • Lateral Movement and Pivoting
  • Exploit Development
  • Password Cracking and Credential Theft
  • Token Impersonation and Pass-The-Hash
  • Creative Thinking (always #ThinkOutsideTheBox)

My Thought

I would not recommend playing RastaLabs alone. When you are unsure whether you are still on track, you might ask on the official Hack The Box Discord. However, only around 10 people were actively playing RastaLabs while I was working on it, and in my experience the official Hack The Box Discord is not as responsive as it should be. For example, when I was stuck on some steps for several days, I asked in the RastaLabs channel of the official Hack The Box Discord, but nobody responded. My somewhat hasty workaround was to send a direct message to someone who had previously opened up for direct messages. In the end, I decided to play RastaLabs with my colleagues, and our progress was quite impressive. That is why I recommend not playing RastaLabs alone.

Regarding technical knowledge, an antivirus evasion technique is required: a generic malicious binary will be deleted by the antivirus software on the target machines. Custom C# or C++ code is the best fit for Windows machines. Encrypting your payload is also a good option; it worked well in my scenario. In addition, a solid understanding of Windows authentication and Windows Active Directory is a must. Extensive research is also required, since the default wordlists may not work against RastaLabs; for example, you may need to build wordlists from regular expressions, from a website, or from keyboard walks.

However, it is worth trying harder to gain new knowledge along with the flags. Also, remember that RastaLabs is shared with other players, so you might find high-value information on a target machine that was unintentionally left there.

Conclusion

The goal of Windows Active Directory exploitation is domain compromise. Most Windows Active Directory vulnerabilities are caused by misconfiguration; for example, some domain users might have excessive permissions, and as a result the domain is compromised through a small mistake. I had to connect the dots as in a real-world scenario, for example how one user relates to another user inside the organization. I learned a lot from RastaLabs, especially antivirus evasion techniques and Windows Active Directory concepts.

Special Thanks

Thank you to my colleagues for playing along with me. Thank you way2muchnoise, Maglok, and burmat for helping me along this journey through RastaLabs. I could not have completed RastaLabs without you guys. Thank you rastamouse for creating this amazing RastaLabs!

Humble beginnings and The Devil’s in the detail.

swzhouu

Senior Cybersecurity Consultant & Penetration Tester