Thank you for opting to take the Offensive Security Penetration Testing with Kali Linux (PWK) training. The following document contains instructions for connecting to our online VPN labs and other useful information, which will help you get the most out of the course and labs. Please read it carefully.
THE PWK LABS
The PWK labs are an important part of the online course. The lab allows the student to implement and practice various penetration testing techniques in a legally safe environment.
The lab simulates a multi-network organization that contains servers with various vulnerabilities. These vulnerabilities will be exploited by you in a guided and controlled manner as instructed in the videos and PDF lab guide. You are to document your findings through a Penetration Test Report. You can find the report template along with additional information on the Penetration Testing with Kali Linux Reporting page.
Our student forums also contain a great deal of information and you will receive access to them once your course begins along with your course materials.
RULES OF BEHAVIOR
As opposed to a normal network, our aim is to allow you to succeed in hacking our systems. In fact, we expect the students to acquire administrative privileges on almost all the systems in the lab!
The labs are shared with other students; therefore, we request that you do not alter the configurations of machines you hack. Although every machine in the lab is backed up and restorable in less than 20 seconds, configuration changes are a nuisance for your fellow students – please be courteous to them. The lab runs several monitoring and logging systems. Users disregarding these rules will be removed from the labs and their lab sessions will be terminated.
Any configuration change on a machine will result in an immediate revert of the machine to its original state. Please be responsible in your lab usage. For a more complete discussion of the lab restrictions, refer to the Lab Behaviour section of the PWK Network Introduction Guide.
Please read this part extremely carefully.
By joining the Offensive Security VPN, you will be connecting to a potentially hostile environment. Although no traffic is directly allowed between student machines (by design), you must be vigilant at all times. This is true even if you are located behind a NAT device. Please take the proper precautions to protect your client computer and ensure you change your root password prior to connecting to the VPN.
LAB TARGET RANGE
The machines you should be targeting are: 10.11.1.1 - 10.11.1.254
When you begin working in the labs, please do not scan or attack machines outside this range. During your network enumeration, you may encounter other subnets that are also within scope.
If you are a new student performing your connectivity test, you may ping the 10.11.1.220 machine in order to check your connection's speed and stability. Once you are satisfied with the connection, please disconnect from the VPN. Please do not scan or attack the internal network once connected.
CONNECTING TO THE LABS
It is highly recommended that you download and use the PWK Virtual Machine (VMware) image via the link provided in your post-registration email. This image has a few different modifications compared to the standard ones listed on kali.org. The PWK VMware image is a custom build of Kali Linux and the course has been fully tested around it. Note that if you choose not to use the PWK image, you may have issues completing the course material (e.g. Linux Buffer Overflow).
1: Download the "PWK Lab Connection Package" to your Kali Linux machine and extract its contents. Use openvpn to initiate the VPN connection to the labs and enter your provided username and password. Note that testing accounts expire 72 hours after submitting the course fees..
root@kali:~# tar jxvf lab-connection.tar.bz2
In the extracted folder, you will find a OS-XXXXX-PWK.ovpn file that you will use to connect to the VPN as shown below.
kali@kali:~$ sudo openvpn OS-XXXXX-PWK.ovpn Mon Mar 2 09:10:49 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019 Mon Mar 2 09:10:49 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 Enter Auth Username: OS-XXXXX Enter Auth Password: XXXXXXXXXX Mon Mar 2 09:11:08 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194 Mon Mar 2 09:11:08 2020 UDP link local (bound): [AF_INET][undef]:1194 Mon Mar 2 09:11:08 2020 UDP link remote: [AF_INET]x.x.x.x:1194 Mon Mar 2 09:11:08 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Mar 2 09:11:09 2020 [offensive-security.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194 Mon Mar 2 09:11:10 2020 TUN/TAP device tun0 opened Mon Mar 2 09:11:10 2020 /sbin/ip link set dev tun0 up mtu 1500 Mon Mar 2 09:11:10 2020 /sbin/ip addr add dev tun0 192.168.x.x/24 broadcast 192.168.x.x Mon Mar 2 09:11:10 2020 Initialization Sequence Completed
2: Once connected, leave that window open. In a new shell, determine the IP address that you have been assigned as follows:
kali@kali:~$ sudo ifconfig tun0
3: Note that the subnet is a /24. Once you have successfully connected to the VPN and obtained an IP address, you will be able to ping the following lab machine: 10.11.1.220. Maintain this connection for a while to verify its stability. Once you are satisfied with the ping response time, your connectivity test is complete.
WHAT IS A GOOD PING RESPONSE?
If your average ping is below 300 ms and without any packet loss, you should not encounter any issues within our labs. Sometimes the ping response time can increase for a few seconds; this can happen if the machine is being reverted by another student.
We highly recommend that you use a stable, high speed Internet connection such as broadband or higher to access the labs. Mobile Internet such as 3G or 4G should be avoided.
GENERAL LAB USAGE
The labs are composed of a simulated network with various live (virtual) machines. Each student has reserved personal clients in the labs, which are used in several exercises. Test users are not issued personal client machines.
First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. For basic network configuration on Kali, you can refer to the Kali documentation site at: http://docs.kali.org
If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.
If you're still having connectivity problems or other non-training related issues, please contact us and we will try to help you to the best of our abilities. In the connectivity pack archive, you will find a script called troubleshooting.sh. Please be sure to run the script and provide us with the output of the script along with the output from the openvpn connection attempt when contacting us for connectivity issues.
root@kali:~# chmod +x ./troubleshooting.sh root@kali:~# ./troubleshooting.sh
You can email us at help AT offensive-security DOT com.
We wish you a productive and enjoyable time in our labs!