[HTB] DANTE – Review

I recently wrapped up Dante, the Pro Lab from Hack The Box, which is considered to be OSCP level.

The lab cost 90 pounds and had 14 machines, 1 of which (the firewall) was out of scope.

[Image: Lab machines]

As you can see, the lab is made up of multiple Windows and Linux machines, and you get to practice a multitude of attacks. Some of them are:

  • Web App attacks
  • Buffer Overflows (2 BoFs)
  • Kerberoasting
  • Pillaging (gathering information from the target machines)
  • Different privilege escalation techniques
  • Credential reuse
  • Pass the hash (not sure if that was the intended way, but still…)

The machines have 1 to 3 flags depending on the exploitation, services running, etc.

I consider it good practice for learning how to pivot through the network and how to exploit machines, both individually and by leveraging information found on one machine to access another.

There are a total of 26 flags you need to find and submit. The certificate can be generated from your account settings, under the certificates tab.

The certificate looks like this:

[Image: Dante certificate]