Dante guide — HTB

Dante Pro Lab Tips && Tricks

Lab address: https://app.hackthebox.com/prolabs/dante

INTRODUCTION

This article does not go step-by-step on how to complete machines, instead focuses on the tools and techniques you should know to complete a Pro Lab.
I used the tools described here by myself when I was going through Dante Laboratories and I thought I would gather them in one place for others.

TIP 1 — METASPLOIT & CYBER KILL CHAIN IS YOUR FRIEND

• During Dante Pro Lab you will face the scenario of the corporate network where you have to repeat Cyber Kill Chain steps on every compromised host to accomplish the whole laboratory.

Source: Own study — Simplified Cyber Kill Chain

• Metasploit Framework is a great all-in-one tool that can be used to accomplish many tasks during the Pro Lab.
• I described in detail how to use this tool in each phase of Penetration Testing in one of my articles here and suggest you read it first.

TIP 2 — DIG A TUNNEL THROUGH THE BASTION

• During Pro Labs, you will usually face a bastion host scenario.
• Bastion is a host in the subnetwork available to you just after starting the laboratory – connecting to the VPN.
• The rest of the lab machines will be probably in the subnet which can be accessed via the bastion host only.
• To exploit machines inside the internal network, you need to create a tunnel via bastion and you can learn a few techniques on how to do it in one of my blog posts here.

Source: Own study — The shades of tunneling image

TIP 3— PROFILING PASSWORD LISTS

• If you see any login panel you should conduct a brute-forcing attack against it with common credentials and with a profiled wordlist.
• Before attacking the login panel with a huge password list, you should first try to gather usernames and passwords by crawling the web page…