This is my review of the Pentester Academy Red Team Lab.
I got the opportunity to try out the Red Team Lab (thanks, Nikhil Mittal) and I wanted to write about my experiences with it. This was a lot of fun and I learned a lot of stuff along the road.
It started out with a mail that I got from pentesteracademy.com. This mail had credentials for the VPN and the VM. It also had links to an archive of course material presented by Nikhil Mittal. This archive was really useful during my testing of the Red Team lab. If I got stuck somehow, I watched the videos to get hints, and that was really helpful. This also provided me with some learning points. The mail also included a link to a Google Form where I could submit my flags during the engagement. This was also useful since it kinda hinted at where to start and which systems to focus on.
Here is a drawing of the setup (borrowed from pentesteracademy.com):
I don’t want to spoil any of the challenges, so I will not provide details about what I did. Unfortunately, I never got the time to commit 100% to this, since a lot of other stuff happened in my life, so I had to choose what challenges I wanted to use my (little) time on.
The first thing I started with was to look at the VM I got to log on to with RDP. My first challenge was trying to escalate my privileges to a local administrator. I solved this one pretty fast, but it was a lot of fun. Always fun to escalate privileges, especially if I know there is a way. 🙂
I decided that my second challenge would be to target a jump server. This was really exciting, especially since it was AppLocker protected and had Constrained Language mode applied. I spent a lot of time on this, but I managed to nail it in the end. This challenge was really fun and I learned a lot from it.
The third challenge I started on was to take one of the SQL servers. I did get a good start on this, but I never got the time to finish it. I managed to get well into the challenge and started to get some results from my theories and attacks, but I never got to the flag.
All in all, this was a really good challenge and a well-thought-out layout of the VMs and Active Directory. This is a really good way to learn more about attacking Active Directory and Windows environments. I can recommend this for pentesters that want to learn more about attacking Active Directory.