Thank you for opting to take the Offensive Security Cracking the Perimeter (CTP) course. The following document contains instructions for connecting to our online VPN labs and other useful information, which will help you get the most out of the course and labs. Please read it carefully.
CTP ONLINE LAB INTRODUCTION
The CTP lab environment is an important part of the online course. The lab allows the student to implement and practice various penetration testing techniques in a legally safe environment. Each student has three dedicated machines - Vista, Windows 2003, and a Cisco router. Access to the Windows boxes is done via Remote Desktop and the Cisco can be accessed via telnet.
RULES OF BEHAVIOR
The labs are shared with other students, therefore it is vital that you do not alter configurations of machines you hack. Do not change any IP addresses or make any other alterations to a machine unless instructed to. Configuration changes are a nuisance for fellow students - please be courteous to them. The lab runs several monitoring and logging systems. Users disregarding these rules will be removed from the labs and their lab sessions will be terminated. Please be responsible in your lab usage.
CONNECTING TO THE LABS
Connection to the labs is done over VPN. Please use BackTrack for this. In your welcome email, you should have received a lab connectivity pack (lab-connection.tar.bz2) file. Copy this file to your BackTrack machine (in /root/), extract it, and initiate the VPN connection:
root@bt:~# tar xjf lab-connection.tar.bz2
root@bt:~# cd lab-connection/
root@bt:~/lab-connection# openvpn lab-connection.conf
Tue Oct 11 23:59:51 2011 OpenVPN 2.1.0 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Jul 20 2010
Enter Auth Username:OS-XXXX
Enter Auth Password:
Wed Oct 12 00:00:00 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Wed Oct 12 00:00:00 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Wed Oct 12 00:00:00 2011 LZO compression initialized
Wed Oct 12 00:00:00 2011 UDPv4 link local: [undef]
Wed Oct 12 00:00:00 2011 UDPv4 link remote: [AF_INET]67.23.72.119:1194
Wed Oct 12 00:00:00 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 12 00:00:02 2011 [127.0.0.1] Peer Connection Initiated with [AF_INET]208.88.123.94:1194
Wed Oct 12 00:00:04 2011 TUN/TAP device tap0 opened
Wed Oct 12 00:00:04 2011 /sbin/ifconfig tap0 192.168.98.15 netmask 255.255.254.0 mtu 1500 broadcast 192.168.99.255
Wed Oct 12 00:00:04 2011 Initialization Sequence Completed
When prompted, enter your username and password into the console. Do not close this window, otherwise your VPN connection will terminate! A connectivity test can be performed by sending ICMP ECHO_REQUEST packets to the 192.168.99.1, 192.168.101.1 or 192.168.103.1 hosts, depending on which network you are assigned to:
root@bt:~/lab-connection# ping 192.168.99.1
PING 192.168.99.1 (192.168.99.1) 56(84) bytes of data.
64 bytes from 192.168.99.1: icmp_seq=1 ttl=128 time=188 ms
64 bytes from 192.168.99.1: icmp_seq=2 ttl=128 time=181 ms
64 bytes from 192.168.99.1: icmp_seq=3 ttl=128 time=179 ms
LAB ODDITIES
Windows Vista has a known bug in remote desktop. Every few minutes, the RDP session will freeze for a few seconds and then continue normally. We have found a workaround for this bug, which can be achieved by using RDP over an SSH tunnel. Please refer to your control panel for the SSH syntax to connect to your machines.
HAZARDS
Please read this part extremely carefully.
By joining the Offensive Security VPN, you will be exposing your computers' VPN IP to other students taking the course with you. Due to the nature of the course (and its participants!), your computer may be subjected to attacks originating from the VPN network. This is true even if you are located behind a NAT device. BackTrack users, please change the default root password!
WHAT IS A GOOD PING RESPONSE TIME?
If your average ping is below 300 ms and without any packet loss, you should not encounter any issues within our labs. Sometimes the ping response time can increase for a few seconds; this can happen if a machine is being reverted by another student.
We highly recommend that you use a stable, high speed Internet connection such as Broadband or higher to access the labs. Mobile Internet such as 3G or 4G should be avoided.
TECHNICAL PROBLEMS
First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.
If you're still having connectivity problems or other non-training related issues, you can contact us and we will try to help you to the best of our abilities.
Support
You can submit a ticket below.
We wish you a productive and enjoyable time in our labs!
The Offensive Security Team