Offensive Security

Penetration Testing With BackTrack Online Lab Guide README

v.3.3

Mati Aharoni
MCT, MCSE + Security, CCNA, CCSA, HPOV, CISSP

Offensive Security Online Lab connectivity Guide

Thank you for opting to take the Offensive Security PWB training. The following document contains instructions to connecting to our online VPN labs, and other useful information which will help you get the most out of the course and labs. Please read it carefully.

The PWB Labs

The PWB labs are an important part of the online course. The lab allows the student to implement and practice various penetration testing techniques in a legally safe environment. The lab simulates a multi network organization which contains servers with various vulnerabilities. These vulnerabilities will be exploited by you in a guided and controlled manner as instructed in the videos and PDF lab guide. You are to document your findings through a Penetration Test Report. You can find this template, as well as other important information relating to the PWB course in our forums: http://forums.offensive-security.com/forumdisplay.php?f=69 Note that you cannot register to our forums. An account is automatically created for you once you register, and the credentials are sent to you together with the course materials.

Rules of Behavior
As opposed to a normal network our aim is to allow you to succeed in hacking our systems. In fact, we expect the students to acquire administrative privileges on almost all the systems in the lab! The labs are shared with other students, therefore we request that do not alter configurations of machines you hack. Although every machine in the lab is backed up and restorable in less than 20 seconds, configuration changes are a nuisance for your fellow students please be courteous to them. The lab runs several monitoring and logging systems. Users disregarding these rules will be removed from the labs, and their lab sessions will be terminated. Any configuration change on a machine will result in an immediate revert of the machine to its original state. Please be responsible in your lab usage.

The machines you should be targeting (depending on your lab assignment) are : LAB 1 - 192.168.11.200 - 192.168.11.254 LAB 2 - 192.168.13.200 - 192.168.13.254 LAB 3 - 192.168.15.200 - 192.168.15.254 PLEASE DO NOT SCAN OR ATTACK MACHINES OUTSIDE THIS RANGE.

Connecting to the labs

Connection to the labs is done over VPN, using BackTrack. You can either install BackTrack to disk, or use our BT5 Gnome VMWare image. You can download BackTrack here: http://www.backtrack-linux.org/downloads/ 1) Download the PWB Lab connection package to your BackTrack machine and extract its contents. Use openvpn to initiate the VPN connection to the labs. Enter your provided username and password. Note that testing accounts expire in 48 hours (or after submitting the course fees)
root@bt:~# tar jxpf connection.tar.bz2 root@bt:~# cd pwbv3/ root@bt:~/pwbv3# openvpn pwbv3.conf Thu Mar 18 21:21:46 2010 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008 Enter Auth Username: OS-5xxx Enter Auth Password: XXXXXXXXXX Thu Mar 18 21:22:06 2010 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Thu Mar 18 21:22:06 2010 LZO compression initialized Thu Mar 18 21:22:06 2010 UDPv4 link local: [undef]

Thu Mar 18 21:22:06 2010 UDPv4 link remote: 208.88.120.4:1194 Thu Mar 18 WARNING: this configuration may cache passwords in memory Thu Mar 18 [127.0.0.1] Peer Connection Initiated with 208.88.120.4:1194 Thu Mar 18 21:22:07 2010 TUN/TAP device tap0 opened Thu Mar 18 /sbin/ifconfig tap0 192.168.10.3 netmask 255.255.254.0 mtu 1500 Thu Mar 18 21:22:07 2010 Initialization Sequence Completed

2) Once connected, leave that window open. In a new shell try pinging one of the lab machines (192.168.11.220, 192.168.13.220 or 192.168.15.220, depending on your assinged network) to verify connectivity. Maintain this connection for a while to verify its stability.

General Lab Usage

The labs are composed of a simulated network, with various live (virtual) machines. Each student has a reserved Windows XP Client in the labs which is used in several exercises. Test users are not issued XP machines.

Hazards
Please read this part extremely carefully. By joining the Offensive Security VPN, you will be connecting to a potentially hostile environment. Although no traffic is directly allowed between student machines (by design), you must be vigilant at all times. This is true even if you are located behind a NAT device. Please take the proper precautions to protect your client computer. Make sure to change your root password! Please do not scan the internal network once connected.

Technical Problems
If you're having connectivity problems or other non-training related issues, you can contact us in several ways and we will try to help you to the best of our abilities.

IRC
We have an active IRC channel on irc.freenode.net, #offsec. You will usually find a member of staff there, and other students participating in the course. If you are new to IRC, check out this quick guide: http://www.offensive-security.com/irc-guide.pdf

MSN
You can contact us using MSN (Instant Messenger) at the address help [at] offensive-security.com.

EMAIL
You can email us at help [at] offensive-security.com.

We wish you a productive and enjoyable time in our labs! Offensive Security Team