Course Reviewed
Format:
This course is online.
Materials:
There are no course materials I am aware of, but if there is a site with any information, please let me know.
Class size:
The class size is unknown.
Environment
The lab environment is open.
Estimated cost:
At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)
£20.00 per month with a £70.00 setup fee.
£220.00 annually with a £70.00 setup fee.
About the Course:
"Dante is a modern, yet beginner-friendly pro lab that provides the opportunity to learn common penetration testing methodologies, and gain familiarity with tools included in the Parrot OS Linux distribution."
My motivation:
I love Hack The Box and want to try this some day. Plus as this is more beginner-friendly, I want something easy, but challenging, as a change of pace.
My Review:
Let us see if I can get around to this one some day in the future.
So the day finally came around. I just signed up for Dante. I took advantage of the year end discount and signed up. I have no clue what the new year will bring, and didn't want to jump in to APTLabs like I originally planned, so I went ahead and signed up for Dante (hoping it won't be as intense as APTLAbs).
I started the lab with a ping sweep and an NMAP scan of the subnet they tell you about. I found a single box of interest, and I started looking at what I had found. As luck would have it, a habit I picked up back during the Penetration Testing with Kali Linux (PWK) allowed me to get my first flag without doing much of anything. So I was starting on a high note. After a bit of enumeration, I fell back on a method I had used in PWK and on many other Hack The Box machines in the past, and I got my foothold.
With access to the first machine, I used tried and true techniques to identy more places to move to. I wasn't really sure what to expect, and I was guessing it was going to be pretty basic. And that was true for most of the lab, but there were parts that took a little work.
Basically, I felt like I was back in PWK but having a LOT more experience under my belt. The only downside to the taking so many of these classes is that I expected certain paths and had to kept changing my thinking to a more basic level.
I was very pleased with my early progress, and would find little bread crumbs that the lab creators had left behind to help me more deeper into the lab. I finally reached a machine where the bread crumbs were pointing toward the correct path forward, and while I wanted to follow the intended path, there was another, much easier to exploit, vulnerability looking me in the eye, so I took the easier path and moved on. If time permits, I would like to go back and do things the correct way!
I eventually reached a point, where I was having trouble moving forward. The flags were falling pretty much in order (I don't recall them being out of order until I got past this point.) I could see a path forward that I thought was correct, so I did some research, dug deep in to my bag of tricks, and gained a foothold. And found that I had totally missed the correct path foward. Ugh, I had totally skipped what I should have done, because I didn't expect it. Too many Linux machines and not enough Windows machines to this point, so I missed the obvious. Although, at this point, I did get a kick out of watching all the people connected to the same box that I was connected to.
I make it to the final few machines in the lab, and I reach another machine where the intended path is spelled out pretty clearly. I could see other people on the machine working on the same issue, and based off the configuration settings on the box, I was sure I knew the intended path. But again, I knew of a work around. So I grabbed the flag, but I did not submit it. I really wanted to figure this one out, but I figured I would work on it last.
The final few boxes fell easily, and I was left with the final flag. I almost submitted it and ended the lab, but I didn't. I turned to some friends and got some pointers. And this is where I am at currently. I have the final flag, but not through the intended path, but I know the path and sort of understand it, so I will finish it up and decide what training I want to attempt next.
So after trying and trying and getting close to doing the final flag I had left, I jumped on the box and saw at least two oor three people logged in. I sneaked a peak at some of their work and got an idea on how to finish out what I was working on. And after a LOT of experimentation, I found that different exploit code, which did the exact same thing, had vastly different results and I was able to do some really freaky things when testing my code.
Misc:
There was one machine in the lab that seemed to have a lot of people using it at the same time, and I do not know why. The lab creators leave you information to make life so much easier and skip the congestion. But again, there is that whole 'pivoting' thing that many people don't like, but can make these environments so much more fun.
The Exam:
There is no exam at the present time, but if you submit all flags and request it, you can get a Certificate of Completion.
My two cents:
I would say that most of the stuff in very entry level and beginner-friendly. Well worth the time and effort. However, I may be overcomplicating the two 'intended paths' that I have skipped. I am not sure I think these are beginner-friendly, but I am probably making it a WHOLE lot more complicated than it is. Maybe I will ask a few friends to how they accomplished these tasks and see if what I was doing is overthinking things (I know for the first skipped 'intended path' someone else I talked to took the easy way like I did).
After submitting the last flag, I think at least the second place I was stuck was not very entry level. But at least I learned a lot. And I never did go back to the first place that I was able to find an alternate method than what I *THINK* was the intended method. However, like the other Pro Labs, this one was fun and worth a few months of time and effort.