I have faced this issue several times now and I’m not sure if its me doing something wrong or if its everyone.
Why are the “time rules” for Pwnbox and target machines in Academy modules so “short”? I know that life for each Pwnbox can be extended (once or twice), but I can think of bunch of modules right top of my head that required brute forcing some credentials – which took longer then 2hs.
And I’m not evening talking about life of modules targets with fixed lifespan. They seem to work somewhat ambiguously because sometimes when the time drops to 0 the machine still works, other times it doesn’t.
I would find much more sensible if the time could be renewed indefinitely – indefinitely might be a stretch here, but as long as the user is doing something and actively prolonging the session, I don’t see why this couldn’t be allowed.
Yes, this is abusable by something like mining, but this can be also monitored and taken care of by some monitoring.
What do all of you think about this?