Thank you for opting to take the OffSec Advanced Web Attacks and Exploitation (AWAE/WEB-300) course. The following document contains instructions for connecting to our online VPN labs and other useful information, which will help you get the most out of the course and labs. Please read it carefully.
WEB-300 Online Lab Introduction
The WEB-300 lab environment is an important part of the online course. The lab allows the learner to implement and practice various web application testing techniques in a legally safe environment. Each learner has access to several dedicated lab targets. Unless otherwise indicated, access to the Windows servers is done via Remote Desktop and the Linux machines can be accessed via SSH.
Rules of Behavior
While each learner has exclusive access to their set of lab machines, the labs themselves are shared with other learners, therefore it is vital that you do not alter configurations of machines you hack. Do not change any IP addresses or make any other alterations to a machine unless instructed to. Configuration changes are a nuisance for fellow learners - please be courteous to them. The lab runs several monitoring and logging systems. Users disregarding these rules will be removed from the labs and their lab sessions will be terminated. Please be responsible in your lab usage.
Connecting to the Labs
Your connection to the lab is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. It is also highly recommended that you download and use the Kali VMware image for the most streamlined experience. For more information, please visit the following link: https://help.offensive-security.com/hc/en-us/articles/360049796792
You can download the "VPN Connection File" to your Kali Linux machine, from the "Labs" tab of your OffSec Learning Library control panel. Use openvpn to initiate the VPN connection to the labs.
Once downloaded you will find a ovpn file that you will use to connect to the VPN as shown below.
kali㉿kali:~$ sudo openvpn awae.ovpn
2021-09-10 12:58:34 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2021-09-10 12:58:34 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2021-09-10 12:58:34 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2021-09-10 12:58:34 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021-09-10 12:58:35 TCP/UDP: Preserving recently used remote address: [AF_INET]188.8.131.52:1194
2021-09-10 12:58:35 UDP link local: (not bound)
2021-09-10 12:58:35 UDP link remote: [AF_INET]184.108.40.206:1194
2021-09-10 12:58:35 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1557'
2021-09-10 12:58:35 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
2021-09-10 12:58:35 [offensive-security.com] Peer Connection Initiated with [AF_INET]220.127.116.11:1194
2021-09-10 12:58:36 TUN/TAP device tun0 opened
2021-09-10 12:58:36 net_iface_mtu_set: mtu 1500 for tun0
2021-09-10 12:58:36 net_iface_up: set tun0 up
2021-09-10 12:58:36 net_addr_v4_add: 192.168.119.142/24 dev tun0
2021-09-10 12:58:36 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2021-09-10 12:58:36 Initialization Sequence Completed
Do not close this window, otherwise your VPN connection will terminate! A connectivity test can be performed by sending ICMP ECHO_REQUEST packets to the 192.168.117.200 host.
kali㉿kali:~$ ping 192.168.117.200 PING 192.168.117.200 (192.168.117.200) 56(84) bytes of data. 64 bytes from 192.168.117.200: icmp_seq=1 ttl=128 time=188 ms 64 bytes from 192.168.117.200: icmp_seq=2 ttl=128 time=181 ms 64 bytes from 192.168.117.200: icmp_seq=3 ttl=128 time=179 ms
Please read this part extremely carefully.
By joining the OffSec VPN, you will be exposing your computers' VPN IP to other learners taking the course with you. Due to the nature of the course (and its participants!), your computer may be subjected to attacks originating from the VPN network. This is true even if you are located behind a NAT device. Kali users, please change the default root password!
What is a good ping response time?
If your average ping is below 300 ms and without any packet loss, you should not encounter any issues within our labs. Sometimes the ping response time can increase for a few seconds; this can happen if a machine is being reverted by another learner.
We highly recommend that you use a stable, high speed Internet connection such as Broadband or higher to access the labs. Mobile Internet such as 3G or 4G should be avoided.
vLAN IP Information
In the OffSec labs environment, often times the allocated IP address on your vLAN may change from time-to-time, therefore we can provide some guidance on how to reduce the impact of this, by following the recommendations outlined in the in the Common VPN Connectivity Issues guide.
First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.
If you are still having connectivity problems or non-training related issues, please take a look at the article here for the common issues. Should you still have issues, please contact us and we will try to help you to the best of out abilities.
You can submit a ticket.
We wish you a productive and enjoyable time in our labs!
The OffSec Team