Thank you for opting to take the OffSec Penetration Testing with Kali Linux (PEN-200) training. The following document contains instructions for connecting to our online VPN labs and other useful information, which will help you get the most out of the course and labs. Please read it carefully.
THE PEN-200 LABS
The PEN-200 labs are an important part of the online course. The lab allows the learner to implement and practice various penetration testing techniques in a legally safe environment.
The lab simulates a multi-network organization that contains servers with various vulnerabilities. These vulnerabilities will be exploited by you in a guided and controlled manner as instructed in the videos and PDF lab guide. You are to document your findings through a Penetration Test Report. You can find the report template along with additional information on the Penetration Testing with Kali Linux Reporting page.
RULES OF BEHAVIOR
As opposed to a normal network, our aim is to allow you to succeed in hacking our systems. In fact, we expect the learners to acquire administrative privileges on almost all the systems in the lab!
The labs are shared with other learners; therefore, we request that you do not alter the configurations of machines you hack. Although every machine in the lab is backed up and restorable in less than 20 seconds, configuration changes are a nuisance for your fellow learners – please be courteous to them. The lab runs several monitoring and logging systems. Users disregarding these rules will be removed from the labs and their lab sessions will be terminated.
Any configuration change on a machine will result in an immediate revert of the machine to its original state. Please be responsible in your lab usage. For a more complete discussion of the lab restrictions, refer to the Lab Behaviour section of the PEN-200 Network Introduction Guide.
HAZARDS
Please read this part extremely carefully.
By joining the OffSec VPN, you will be connecting to a potentially hostile environment. Although no traffic is directly allowed between learner machines (by design), you must be vigilant at all times. This is true even if you are located behind a NAT device. Please take the proper precautions to protect your client computer and ensure you change your root password prior to connecting to the VPN.
LAB TARGET RANGE
The machines you should be targeting are: 10.11.1.1 - 10.11.1.254
When you begin working in the labs, please do not scan or attack machines outside this range. During your network enumeration, you may encounter other subnets that are also within scope.
CONNECTING TO THE LABS
Your connection to the lab is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. It is also highly recommended that you download and use the Kali VMware image for the most streamlined experience. For more information, please visit the following link: https://help.offensive-security.com/hc/en-us/articles/360049796792
You can download the "VPN Connection File" to your Kali Linux machine, from the "Labs" tab of your OffSec Learning Library control panel. Use openvpn to initiate the VPN connection to the labs.
Once downloaded you will find a ovpn file that you will use to connect to the VPN as shown below. Please note no credentials are needed to connect as seen below:
kali@kali:~$ sudo openvpn PWK2.ovpn
Mon Mar 2 09:10:49 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Mon Mar 2 09:10:49 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Mon Mar 2 09:11:08 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Mon Mar 2 09:11:08 2020 UDP link local (bound): [AF_INET][undef]:1194
Mon Mar 2 09:11:08 2020 UDP link remote: [AF_INET]x.x.x.x:1194
Mon Mar 2 09:11:08 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Mar 2 09:11:09 2020 [offensive-security.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Mon Mar 2 09:11:10 2020 TUN/TAP device tun0 opened
Mon Mar 2 09:11:10 2020 /sbin/ip link set dev tun0 up mtu 1500
Mon Mar 2 09:11:10 2020 /sbin/ip addr add dev tun0 192.168.x.x/24 broadcast 192.168.x.x
Mon Mar 2 09:11:10 2020 Initialization Sequence Completed
2: Once connected, leave that window open. In a new shell, determine the IP address that you have been assigned as follows:
kali@kali:~$ sudo ifconfig tun0
3: Note that the subnet is a /24. Once you have successfully connected to the VPN and obtained an IP address, you will be able to ping the following lab machine: 10.11.1.220. Maintain this connection for a while to verify its stability.
Please Note: In order to connect a Universal VPN to PEN-200 shared infrastructure, select the PEN-200 course, then navigate to the LABS tab. When choosing a network with shared infrastructure, you will be prompted to hit a CONNECT button. Pressing this button will connect your Universal VPN to the PEN-200 Labs.
WHAT IS A GOOD PING RESPONSE?
If your average ping is below 300 ms and without any packet loss, you should not encounter any issues within our labs. Sometimes the ping response time can increase for a few seconds; this can happen if the machine is being reverted by another learner.
We highly recommend that you use a stable, high speed Internet connection such as broadband or higher to access the labs. Mobile Internet such as 3G or 4G should be avoided.
GENERAL LAB USAGE
The labs are composed of a simulated network with various live (virtual) machines. Each learner has reserved personal clients in the labs, which are used in several exercises.
vLAN IP Information
In the OffSec labs environment, often times the allocated IP address on your learner vLAN may change from time-to-time, therefore we can provide some guidance on how to reduce the impact of this, by following the recommendations outlined in the in the Common VPN Connectivity Issues guide.
TECHNICAL PROBLEMS
First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. For basic network configuration on Kali, you can refer to the Kali documentation site at: http://docs.kali.org
If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.
If you are still having connectivity problems or non-training related issues, please take a look at the article here for the common issues. Should you still have issues, please contact us and we will try to help you to the best of out abilities.
You can email us at help AT offensive-security DOT com.
We wish you a productive and enjoyable time in our labs!