Thank you for opting to take the Offensive Security macOS Control Bypasses (EXP-312) course. The following document contains instructions for connecting to our online VPN labs and other useful information, which will help you get the most out of the course and labs. Please read it carefully.
EXP-312 ONLINE LAB INTRODUCTION
The EXP-312 lab environment is an important part of the online course. The lab allows the student to practice various evasive penetration testing techniques in a legally safe environment. Each student has access to several dedicated lab targets. Access to the machines is done via VNC and or SSH.
CONNECTING TO THE LABS
Your connection to the lab is to be done with Kali Linux using OpenVPN. We are unable to provide any VPN connectivity support if you choose to use another setup. It is also highly recommended that you download and use the Kali VMware image for the most streamlined experience. For more information, please visit the following link: https://help.offensive-security.com/hc/en-us/articles/360049796792
You can download the "VPN Connection File" to your Kali Linux machine, from the "Labs" tab of your OffSec Training Library control panel. Use openvpn to initiate the VPN connection to the labs.
Once downloaded you will find a ovpn file that you will use to connect to the VPN as shown below.
┌──(kali㉿kali)-[~] └─$ sudo openvpn exp312.ovpn 2021-09-20 04:33:39 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5). 2021-09-20 04:33:39 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning. 2021-09-20 04:33:39 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021 2021-09-20 04:33:39 library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10 2021-09-20 04:33:39 TCP/UDP: Preserving recently used remote address: [AF_INET]188.8.131.52:1194 2021-09-20 04:33:39 UDP link local: (not bound) 2021-09-20 04:33:39 UDP link remote: [AF_INET]184.108.40.206:1194 2021-09-20 04:33:43 [offensive-security.com] Peer Connection Initiated with [AF_INET]220.127.116.11:1194 2021-09-20 04:33:43 TUN/TAP device tun0 opened 2021-09-20 04:33:43 net_iface_mtu_set: mtu 1500 for tun0 2021-09-20 04:33:43 net_iface_up: set tun0 up 2021-09-20 04:33:43 net_addr_v4_add: 192.168.49.56/24 dev tun0 2021-09-20 04:33:43 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2021-09-20 04:33:43 Initialization Sequence Completed
When prompted, enter your username and password into the console. Do not close this window, otherwise your VPN connection will terminate!
Please read this part extremely carefully.
By joining the Offensive Security VPN, you will be exposing your computers' VPN IP to other students taking the course with you. Due to the nature of the course (and its participants!), your computer may be subjected to attacks originating from the VPN network. This is true even if you are located behind a NAT device. Kali users, please change the default password!
WHAT IS A GOOD PING RESPONSE TIME?
If your average ping is below 300 ms and without any packet loss, you should not encounter any issues within our labs. Sometimes the ping response time can increase for a few seconds; this can happen if a machine is being reverted by another student.
We highly recommend that you use a stable, high speed Internet connection such as Broadband or higher to access the labs. Mobile Internet such as 3G or 4G should be avoided.
vLAN IP Information
In the OffSec labs environment, often times the allocated IP address on your student vLAN may change from time-to-time, therefore we can provide some guidance on how to reduce the impact of this, by following the recommendations outlined in the in the Common VPN Connectivity Issues guide.
First, please ensure that you have Internet connectivity within your Kali Linux virtual machine. If you do have Internet connectivity and are still unable to connect to the labs, ensure you are not behind any firewalls that are preventing you from establishing an outbound connection to the labs on UDP port 1194.
If you are still having connectivity problems or non-training related issues, please take a look at the article here for the common issues. Should you still have issues, please contact us, and we will try to help you to the best of our abilities.
Common Resolution Issue
On occasion when connecting to the EXP-312 virtual machines, the desktop might become blurred and unreadable. To fix the problem, change the virtual machine resolution using the following steps.
- Login with SSH to the virtual machine.
- Run the following command with the resolution of your choice. In the example below, the resolution is set to 1360 x 768.
Note: higher resolutions will cause slower response time due to increased network traffic
/Library/Application\ Support/VMware\ Tools/vmware-resolutionSet 1360 768
You can submit a ticket.
We wish you a productive and enjoyable time in our labs!
The Offensive Security Team