Home

Review of Hack The Box - Cybernetics

These are my personal opinions based on my background and training experience.



Course Reviewed


Format:

This course is online.


Materials:

There are no course materials that I am aware of, but if there is a site with any information, please let me know.


Class size:

The class size is unknown.


Environment

The lab environment is open.


Estimated cost:

At the time of this review, the course prices were listed as follows (Check the web site for actual prices!)

£20.00 per month with a £70.00 setup fee.
£220.00 annually with a £70.00 setup fee.



About the Course:

"Cybernetics is an immersive enterprise Active Directory environment that features advanced infrastructure."


My motivation:

I love Hack The Box and wanted to try this.


My Review:


I had just finished submitting my last flag for RastaLabs, and decided, on a whim, to sign up for Cybernetics. After I signed up, I saw where this was Red Team Operator II level. For some reason I thought RastaLabs was a higher level, and when I found out this was going to be harder, I almost dropped out.

With a little bit of hesitation, I connected to the lab, checked my settings and started scanning the IP address range I believed to be in scope. I found a few interesting items, and then I hit the jackpot. I found something that I was very familiar with. I thought I had an automated exploit script that I wrote for this exact situation, so I fired up an old VM, copied the entire folder related to the application over to my Cybernetic's VM, and started going through the python scripts. To my horror, there was no automated script. Before I went full panic over the situation, I went back to the old VM and looked at my notes. I saw exactly what I had done, and probably the exact reason I didn't automate the script. With the exploit in hand, I went back to Cybernetics and got my first flag.

A little enumeration helped me move forward to the next flag, and then a little bit further. I was actually surprised that I was making great progress, but then I realized that I had retooled all my scripts and exploits for RastaLabs so there was no more hours upon hours of time spent on trying to get a tool I needed working. I had also gone back to more of what I had done during the months I spent working on PentesterAcademy's GCB, so my movements were very practiced.

I did hit a couple of snags. One was with a tool that Defender snatched up that I didn't recall using in RastaLabs, or if I did use it there, I used it before Defender started catching it. So I learned some really cool techniques to get around Defender for this tool, and I am wanting to see if the same will work for one other tool (it did not, but I know why and I haven't decided if I want to rewrite it to work or not). The next was a technique I used in GCB but it didn't work the same in Cybernetics. I got a pointer on a new way to do an old technique and I moved forward a little bit more.


So far, I am really loving this lab. I thank RastaLabs for forcing me to retool or else I would be hating this lab with a passion right now. I will write more as I progress forward.



I finally finished the lab. It took a long time and a lot of hints and nudges to finish. There were many a late evening and several all weekend binges in order to reach the end.

Picking up where I left off: I moved forward until I hit a brick wall. Then I went back to the start. As I moved along, I had concentrated on gathering information, and using that information to advance at a quick pace, but I missed something huge right before this point and it cost me days (but I learned a lot). But I was able to progress and reach a new area where I started digging and digging and digging for information. I finally found a path forward, and went for it.

The flags were seeming to go in order, and the clues left seemed to indicate the same. So I THOUGHT I had an idea of what to do for my next task, but it turns out everything I was thinking was wrong! And that is when I got stuck. I worked and worked and worked toward finding something that would succeed. I finally made a little bit of progress, but knew to accomplish what I was wanting to do would take a lot of time and research and still might not work. It was about this time that another person, who was also in the lab, reached out to me. A pointer to a website later, a little bit of research and some playing around, and I was once again moving forward. Then I hit another spot and started going down a rabbit hole, and there I was spinning my wheels yet again.

I will say that having someone with whom I could bounce ideas off of, and who was also willing to help me out of rabbit holes I had gone down, was simply amazing to say the least. Having someone to sanity check your ideas is priceless. It was around this time that I did my firt major tool rewrite for this lab. It was a tool that I hadn't used up to this point in RastaLabs or Cybernetics and it took a lot of effort to get the tool working correctly and not being caught by Windows Defender. But the tool worked, and I moved forward. Following clues in the lab, and using the flags as hints had worked up until a certain point, but I eventually reached a point where it broke down. Suddenly I jumped two flags, and when I found them, I realized that I hadn't found them using the intended path. In hindsight, I am guessing the gap couldn't really be helped unless the whole lab dynamics were changed, and I am okay with that, but I wanted the flags the way the lab creator intended it. A little back tracking, some hints and I had both missing flags in a way that seemed to be the intended way, or at least going the intended path, and having accomplished that made me feel much better about having obtained the flags.

Well, the next flag seemed to be out of reach. For all my effort on this, what cost me a bunch of lost time was attention to details. I had seen something earlier that was critical, but forgot all about it. Then there were two error messages, both with different wording, but each looking, at a glance, to be similar and attention to detail can often be the deciding factor between success and failure. Having missed critical information, I ended up starting automated tools, going to bed, and waking up to find they died in the middle of the night and still didn't find what I was looking for. During all of this, there were several times I went back to every single machine I had visited before and searched for stuff I missed. While going back through everything I had done before, I found a way that I could move forward, so I eventually went that route. But I was 100% determined to return to this point and figure out how to get the flag that I was skipping.


The final few flags were fun, and I eventually ended up back at the point of needing the flag I had skipped. I am very grateful for all the hints and nudges that I was given to make things work. But although I was pretty sure I was on the right track, I wasn't done yet. I could get the system to call back to me, but then the call back would die. I slowed down and spent the time needed to read the error message, and I came up with an idea on how to get around it. Tweaks and changes were made, and finally I got connected to the remote machine and my connection didn't die. And there was the flag. Done. And I did the happy dance.


Misc:

I learned a TON. There were only a few times when I saw what appeared to be another user connected to the same system I was on, but I never had any issues as a result of that. And again, had I not redone almost all of the tools I have been using in all these reviews (because I had to in order for them to work in RastaLabs), and had I not meet someone who was very smart and talented and willing to push me toward learning new things, this would have been a very rough lab.


The Exam:

There is no exam at the present time, but if you submit all flags and request it, you can get a Certificate of Completion.



I will post a copy of the CoC when I get it.

HTB Cybernetics CoC


My two cents:

Cybernetics was amazing. I think it requires a wide variety of skill to complete, and it is well worth the time and effort. I highly recommend Cybernetics.






Copyright © 2024

Contact: redteamtrainingreviews @ redteamtrainingreviews.com