Review of Hack The Box - Offshore

These are my personal opinions based on my background and training experience.

Course Reviewed


This course is online.


There are no course materials but https://www.mrb3n.com/?p=551 might provide some needed information.

Class size:

The class size is unknown.


The lab environment is open.

Estimated cost:

At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)

£20.00 per month with a £70.00 setup fee.
£220.00 annually with a £70.00 setup fee.

About the Course:

"Offshore is a real-world enterprise environment that features a wide range of modern Active Directory flaws and misconfigurations."

My motivation:

Well, I have decided that this is my next step in my journey to gain more Red Team knowledge.

My Review:

I signed up for a monthly subscription and read the information on the web page, but when I connected, I had no clue where to start. I was not on a jump box, like in other labs, so I didn't have the same starting places as I had been used to with PentesterAcademy's labs. To be honest, I was a little stumped.

I checked my OpenVPN connection settings and my routing table, and did a quick ping sweep. Once I found a box, I realized I wasn't going to be connecting to it via RDP. The panic began to build. This was hyped as an Active Directory environment and I didn't have access to said Active Directory. Yes, I know boxes other than Windows can talk to Active Directory (set it up once on some Red Hat machines [following directions that were good enough that I could make it work with only little extra effort on my part]).

Then, a little voice in the back of my mind spoke up and said, "This is Hack The Box! What would IppSec do?" If you don't know what IppSec does, check out his videos on YouTube (the guy is amazing!)

Then I heard someone say that the creator of Offshore had a web page. So I visited mrb3n's website at https://www.mrb3n.com/?p=551 and saw where he said the entry point was. So at least I was on the right track.

Then I got thrown for another loop as I continued to think I was in a PentesterAcademy lab. I asked someone for help (basically asking if I was supposed to do certain things) and the response was, 'Once you find this port and what is on it, you will know what to do.'

Only I looked at the box and kept being stumped. Then, I thought, what would I do if it were the Penetration Testing with Kali Linux labs? And the box fell fast after I changed my thinking (although there was that one flag at the beginning that I got a direct pointer to from a friend or else I would have been stuck for days).

I have heard that there is an order that you should do the boxes in, and after gaining access to a few boxes, I see how they guide you. Enumeration is the key. Let what you find on each machine guide you to the next machine.

I gained access to several boxes fairly quickly and then I hit a roadblock. All my attempts to escalate privileges failed. After another hint from a friend, I figured out what I was doing wrong and moved on. I blew through the other boxes using techniques learned from my time in the PentesterAcademy classes and I now have almost all the flags. There are some challenges along the way that I haven't been able to figure out, and some that I think I know the answer to but haven't been able to finish them.

I would like to say a quick Thank You to IppSec and MrB3n, because I encountered a situation (I think it was a challenge done by IppSec) in the lab where I needed to take a program done by IppSec and modify the code. I thought I understood that code when I started working with it. Three days later, three or four of IppSec's videos later, and something that he said finally made things click for me. Finished up the main part of my custom program within minutes of that revelation, and now I have two more hurdles, on this part, to go before I will be just about done with Offshore. So this has been a great learning experience, and worth the couple of dollars spent for two months of lab time.

A short note about the lab environment. Unlike some of the other labs I have been in, I am almost constantly co-located on boxes with other members. I see the commands they are running, the files they have dropped and often run into issues others have caused. For example, I had a script to get from the starting point to several boxes in the lab. One day, I logged in and attempted to use my script to get to one of the boxes and it failed reporting a bad password. A quick check and the password had recently been changed. No clue why it was changed, but I had enough information that it didn't really bother me. I also altered my script to use a different account, and I have not had the same issue again.

There has been only once where I benefited from someone else being on the same box as I was on. They had dropped a program on the disk that I saw. I had spent several hours trying various things, and was getting frustrated. I realized that the person who dropped the file on disk was already on the box I was trying to reach. So I figured my enumeration was lacking and that is when I realized I didn't do much enumeration from that box. I started running BloodHound and some of my PowerShell scripts and almost instantly saw my mistake. So that file helped me realize I was not on the right path (and I ended up copying their file and using it too.)

I have learned a few things (with the biggest thing being to treat each of these training opportunities with an open mind and not try and make them follow the same patterns as other training courses.) One of the extra challenges has been a little fun, but I am still stuck and the part I am stuck on is very frustrating. I have no clue on some of the other challenges. I will say that the low price is worth it. I have been subscribed for a few months but did over 80% of it in less than a month of a few nights and a couple of full weekends worth of time.

So the lab updated right after I finished and had gotten all the flags. It looks like I was given credit for one of the two new flags, and I spent about 8 hours one day working my way back through the lab to find the second flag I needed. The lab changed a lot more than I expected, and it made working back to the end a little bit of a challenge.


After I completed the course, I decided to try and help others because I found it hard to get help at a few points like the crypto challenge (I eventually did find help, but it took a while.) Anyway, while helping other people out, I found that some of the methods I used were not intended. I guess other people had messed with stuff in the lab and I got the luck of the draw and thought it was intended. I also recently tried to help someone using my old data and found that the lab had changed so much that none of my notes were valid any more.

The Exam:

There is no exam at the present time, but if you submit all flags and request it, you can get a Certificate of Completion.

HTB Offshore CoC

OMG! I love the new certificates of completion. They look so awesome. Great job to the designer(s).

Updated HTB Offshore CoC

My two cents:

I really liked this a lot because most of my techniques were not techniques other people used. For example, I tunneled across the entire network and never saw another person using the same technique. I taught a few people how to do what I did after I ended my lab time, so other people might be doing the same time now. The crypto challenge, and the IppSec challenge were super fun.

Copyright © 2024

Contact: redteamtrainingreviews @ redteamtrainingreviews.com