RastaLabs guide — HTB

Karol Mazurek
Apr 15, 2022

RastaLabs Pro Lab Tips && Tricks

Source: https://app.hackthebox.com/prolabs/rastalabs

INTRODUCTION

This article does not go step-by-step through how to complete the machines. Instead, it focuses on the tools and techniques you should know to complete the lab. I used the tools described here while going through RastaLabs and decided to gather them in one place for others.

TIP 1 — DANTE’S LESSONS

If you have not read the tips I put in the blog post about Dante Pro Lab, I recommend reading that post first. During RastaLabs, you will face a similar corporate-network scenario, but certainly a more complex one, and all the previous tips will be useful.

Source: Own study — Dante guide — HTB

TIP 2 — AV, YOU BASTARD…

You often have to deal with the antivirus program as you move around.

Source: Own study — AV EVASION TECHNIQUES

TIP 3 — DO NOT BE CONFUSED

In AV EVASION TECHNIQUES, I did not describe how to obfuscate custom C# tools and other open-source tools downloaded from the internet.

  • For C# tools, just compile them as usual and then use ConfuserEx:
    Source: Own study — Example of the compiled tool “Platform.exe”.
    Source: Own study — Aggressive Preset for <Global settings> and Platform.exe
    Source: Own study — How to obfuscate.
  • For an .exe written in C/C++, you can use the Hyperion crypter:
    hyperion.exe input.exe evil.exe
  • Finally, you can use the PEzor packer to wrap the evil.exe.