
(Sort of) write-ups from immersive labs

It’s been nearly a year since I first started playing around with Immersive labs, a sort of leetcode-ish platform for would-be penetration testers, which also happens to be free to students (given the cost otherwise, thank god). I’ve pretty much done the free ones. Yay for me.

What distinguishes immersive labs from other setups (hackthebox, pwn college, some MOOCs I played around with), and makes it rather similar to, say, leetcode, is that the environment and tools are set up for you, and everything is through the browser. You’ll know instantly if that’s for you or not.

NO SPOILERS, but I have included a few interesting points and pain points in the labs I’ve gone through.

Most of the labs , and usually access a token. The opening netcat lab, for instance, gives you a Kali box and a target IP address - the target has a bind shell open on port 4534. Connect, find the token(s), and you’re done.

Good news

As mentioned, it’s all accessed through the browser. There is no question of whether or not you have the tools - you do, and you CAN succeed. It’s also got a neat clipboard utility, for copying tokens and the like. Though you could argue that’s necessary given the browser interface. Other not-strictly-pentesting-related sections, including GDPR knowledge and particularly the command line sections, are pretty useful too. Like hackerrank, it’s all very gamified. Some challenges also provide Easter eggs. Afraid I’ve only found one or two.

Pain points

A common trip hazard is: you have multiple machines available to you in some labs, accessed via tabs on the top left. I’ve seen and heard people go to fairly extreme lengths in beginner challenges trying to write compromises in notepad, instead of using the kali box they already have.

DLL Injection contained one of my toughest pain points: it is necessary to restart the target box, which you do in the normal manner. However, when you do it’s heavily implied you’ve lost the session. You haven’t! Keep waiting and you’ll get your newly compromised machine.

I was particularly dense and missed an obvious hint on one of the docker challenges. In general, knowing docker (which I didn’t, and still really don’t) helps.

A few of the labs are excessively focused on using particular tools - that’s not an issue when learning fairly basic tools like nmap. For something like GRR (Google Rapid something or other)… it feels like poorly spent effort. Actually, the GRR-heavy lab is the only one I’ve not bothered with. It’s just too slow to play around and discover how the tool works. Similarly for splunk.

Generally, I very rarely had problems with answers needing to be in the right format to work. The exception is that one of the reverse assembly challenges involves giving a memory offset in decimal. Bizarre.

Other things

I’ve fond memories of messing around with a PoC for heartbleed - I’m surprised I’ve not seen a lab utilising that, or even (I think) MS08-067.

As a personal recommendation to the immersive labs team - advertise, and consider allowing users to purchase individual premium labs. The full cost is fairly hair-raising (you ARE running a bunch of AWS instances, after all…), but by the time you’ve got through the free ones you’ll know what areas you want to practise on more. I’d love more YARA/Snort challenges, for example. Or maybe you DO want to train on GRR, in which case, great, but it’s not something I’d be teaching to students as a matter of course.

© CC BY-NC 4.0 2024