Several months ago, Peleus approached me and asked me to participate in a beta-test of an upcoming Offsec “Playground”. I still feel honored for being selected! Together with several others, I was given over two weeks of intensive beta-breaking :)
Some background about myself: I have been absorbed in the infosec field almost four years ago, starting with Over the Wire’s wargames. Since then, I’ve discovered the awesome VulnHub.com and I have been addicted ever since. I have no formal background in computer science, nor have I taken PWK or CTP yet. Still, someone thought I was good enough to participate and I jumped at the chance.
The playground is a network, a pentest lab, built from the ground up by the Offsec crew. It contains virtual machines for us to attack and try to compromise. I was given a VPN connection to the playground. The playground itself consisted of a DMZ and several subnets. A Kali image was provided as well, which I downloaded a week into the beta-test (my mistake, should’ve gotten it earlier). The playground offered a huge variety of machines, ranging from Linux, FreeBSD, Windows all the way to Citrix and SCADA systems. Each machine had a unique entrypoint. Some machines could only be compromised by first rooting another box. This was very nice and gave the playground an interconnected feel. Other boxes allowed pivoting into one of the other subnets. In total, there were more than fourty! boxes available.
The difficulty ranged from super-easy, google-click-root to mind-bendingly hard. I managed to pop ten boxes, which put me at the lower end of the spectrum. Nevertheless, I can say I’ve learned a ton from this experience. I can now see why Offensive Security’s slogan is “Try Harder” ;)
I think this experience has made a couple of things clear. First, I really need to do PWK. Second, there’s always more to learn and more boxes to hack! Overall, I’d say if you have the opportunity, definitely try your hand at the Playground: you will not be disappointed!
Finally, I’d like to give a shout-out to Peleus for recruiting me and g0tmi1k, muts and the rest of the offsec crew for accepting me as a beta-tester. Last, but not least, thanks to my fellow beta-testers for sharing the pain and joy of attacking the playground! It has been an awesome learning experience, thank you!
“Be not afraid of growing slowly, be afraid only of standing still.” –random Chinese Proverb that I find appropriate ;)