How to Play Pro Labs

Taking on a Pro Lab? Prepare to pivot through the network by reading this article.

Written by Ryan Gordon
Updated over a week ago

Hack The Box offers members who have gained enough experience in the penetration testing field several life-like scenarios called Pro Labs.

These consist of enclosed corporate networks of Machines with different operating systems, security configurations, vulnerabilities, and exploitation paths, all simulating a real corporate environment. Users looking to level up their security assessment skills should look no further.

Currently, our line-up stands as follows:

  • Dante is a modern yet beginner-friendly Pro Lab that provides the opportunity to learn common penetration testing methodologies and gain familiarity with tools included in the Parrot OS Linux distribution. You will level up your skills in information gathering and situational awareness, be able to exploit Windows and Linux buffer overflows, gain familiarity with the Metasploit Framework, and much else!

  • Offshore is an Active Directory lab that simulates the look and feel of a real-world corporate network. It was designed to appeal to a wide variety of users, everyone from junior-level penetration testers to seasoned testers and infosec hobbyists.

  • RastaLabs is a virtual Red Team simulation environment designed to be attacked as a means of learning and honing your engagement skills. The lab features a combination of attacking misconfigurations and simulated users.

  • Cybernetics is a Windows Active Directory lab environment fully upgraded and greatly hardened against attacks. For experienced penetration testers and Red Teamers, this lab will offer an amazing challenge to reach Domain Admin.

  • Zephyr is an intermediate-level red team simulation environment designed to be attacked to learn and hone your engagement skills and improve your Active Directory enumeration and exploitation skills. Zephyr includes a wide range of essential Active Directory flaws and misconfigurations to allow players to get a foothold in corporate environments.

  • APTLabs simulates a targeted attack by an external threat agent against an MSP (Managed Service Provider). The lab requires prerequisite knowledge of attacking Active Directory networks. APTLabs consists of fully patched servers, prevalent enterprise technologies, a simulated WAN network, and much more!


Picking your Pro Lab

Have you decided on which Pro Lab to tackle? Navigate over to the Pro Labs selection page in the navigation menu on the left side of the website, and select the Pro Lab you are interested in.

This will take you to the Pro Lab's page. You can find information about the Pro Lab on this page, such as the number of Machines, the intended audience, reviews, and payment information.

On this page, you can proceed with purchasing your first subscription, monthly or annually recurring.

You will be taken to the purchase confirmation page, where you can click the Subscribe button to be redirected to our Recurly payment page.

This is where you can enter any gift card codes or coupon codes you might have received. Paste them in the appropriate field and click on the arrow next to it to apply. Please confirm which recurring type the voucher or gift card was generated for, as you will need to select the correct type on the platform before you can apply it.


Connecting to the Pro Lab

Once your purchase is complete, you should be automatically redirected to the subscription confirmation page. This will show a loading animation as we cross-check our backend services to verify the payment and your subscription status.

After the verification is complete, the website will show you the confirmation screen. From here, you can return to the Hack The Box main page by clicking the Continue to Hack The Box button.

You can connect to the VPN by either clicking on the Connect To HackTheBox button in the top-right corner of the website or by navigating back to your selected Pro Lab page. You will find a Connect To Pro Lab button in the upper-right of the Pro Lab page. From there, you will be able to select either OpenVPN or Pwnbox, the VPN server, and download the OpenVPN .pack file.

Once downloaded, you can connect to the lab the same way you'd connect to the main Machines lab. Please visit this link and scroll down to the Booting up OpenVPN section for more detailed information on this process.


Entry Point

Some Pro Labs mention the entry point you'll need to attack to gain the initial foothold into the system; some don't. You'll need to check this information on the Pro Lab's dedicated page.

You can see the entry point on the upper left of the Pro Labs page or in the Introduction section in the Flag List.

Your best bet, in any given case, is to scan the network. If you're unsure which subnet requires scanning, run the route command once your OpenVPN connection is up; its output should include the subnet given for the tunnel interface.
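
To confirm which subnets are actually routed through the tunnel, and so belong to the lab rather than to your own network, the `route -n` output can be reduced to CIDR blocks. This is an added example, not part of the original article; the sample routing table and its addresses are constructed, and `tunnel_subnets` is a hypothetical helper name.

```shell
#!/bin/sh
# List the networks the kernel routes through a VPN tunnel interface,
# parsed from `route -n` output and printed as CIDR blocks.

# Constructed sample of `route -n` output (addresses are illustrative only).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
10.10.14.0      0.0.0.0         255.255.254.0   U     0      0        0 tun0
10.10.110.0     10.10.14.1      255.255.255.0   UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0'

# tunnel_subnets [iface-prefix]
# Reads `route -n` text on stdin; prints one CIDR per line for every route
# whose Iface column starts with the prefix (default: tun).
tunnel_subnets() {
  awk -v pfx="${1:-tun}" '
    # Dotted netmask -> prefix length; -1 if malformed or non-contiguous.
    function masklen(mask,   o, i, b, v, bits, zero) {
      if (split(mask, o, ".") != 4) return -1
      bits = 0; zero = 0
      for (i = 1; i <= 4; i++) {
        v = o[i] + 0
        for (b = 128; b >= 1; b /= 2) {
          if (v >= b) { if (zero) return -1; bits++; v -= b }
          else zero = 1
        }
      }
      return bits
    }
    # Data rows have 8 columns; column 8 is the interface name.
    NF == 8 && index($8, pfx) == 1 {
      len = masklen($3)
      # Skip bad masks and a default route (0.0.0.0/0) via the tunnel:
      # that means "everything", not a lab subnet.
      if (len <= 0) next
      print $1 "/" len
    }'
}

# Demo on the constructed sample; on a live system: route -n | tunnel_subnets
printf '%s\n' "$SAMPLE_ROUTES" | tunnel_subnets
```

Anything not listed in the output is reached through another interface and is outside the lab.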


Pro Lab Introductions

Each Pro Lab has an Introduction that is placed at the top of the Flag List. Clicking on the Introduction will give you a brief description of the Pro Lab's concept, as well as the Entry Point.


Progress

The Progress list shows the available flags by nickname. Each flag's nickname gives you a small hint about that specific flag. Don't look too deep into its meaning until you get there, or you risk getting lost in semantics.


Machines

The Machines list displays the available hosts in the lab's network. You will be able to reach and attack each one of these Machines. During the vulnerability assessment, each one can be identified by the hostname shown on this list, which lets you tick hosts off as you complete them. The operating systems are listed here along with their hosts.


Redeployment / Resetting the Lab

Something is bound to crash at some point. Don't worry about it! You can issue a Lab Redeployment request through the same page. Make sure to fill in the text box provided with a good explanation of what is going wrong.

We'd rather not redeploy upon requests like these:

But we will definitely redeploy upon requests like these:


Flag Submission

When you find a Flag, you can submit it directly on the same page. The Flag Submission is in the upper-right of the Pro Lab page.


Canceling the Pro Lab subscription

To cancel your recurring Pro Lab subscription, click on your profile picture and/or account name in the top right of the website and select Subscriptions from the drop-down menu.

Once there, you can scroll down on the page until you find the Subscription for the relevant Pro Lab. There will be a Cancel button on the right.

Note that the remaining time on your current subscription will continue to be valid for you to use. It's only after this time has expired (either at the end of the month or at the end of the year, depending on which recurring subscription type you have) that the recurring payment will stop. You will need to manually resubscribe at a later time if you'd like to use the lab again.

Keep in mind that all of your personal data will be deleted from our records upon unsubscribing, and you will be required to submit the One Time Setup fee once more if you ever want to resubscribe to the Pro Lab. Your progress and flag submissions will remain, however.
