
Introduction & Networking (Pentestit Lab v11)

Hello guys, this is my first post on PentestIT Lab v11. In this post, I am going to explain the network diagram and how to connect to the lab’s VPN.

ABOUT “TEST LAB”


Penetration testing laboratories “Test lab” emulate the IT infrastructure of real companies and are created for legal pen testing and for improving penetration testing skills. Laboratories are always unique and contain the most recent and known vulnerabilities. While developing “Test lab” labs we try to cover almost all IT areas: network security, security of OSs and applications. Participants are offered the chance to exploit a variety of vulnerabilities in network components and cryptographic mechanisms, in configurations and code, and also to use the human factor.

“Test lab” is presented as a computer network of virtual companies containing widely distributed misconfigurations and vulnerabilities. Penetration testing in the labs is based on a “grey box” methodology: participants have network infrastructure information in the form of a schema and a text description. Participants can use different methods of penetration: exploiting network services, web, social engineering, buffer overflow, etc.

How to Connect to the Lab Network?


Once you are registered and at the main “Test Lab” screen, look at the top right corner of your screen: you will see a button right next to your Progress Meter. Once you click it, you will be redirected to the Instructions screen.

You can connect using either Linux or Windows. Here I used the Kali Linux distribution. Kali Linux is awesome because it includes all the necessary tools, like OpenVPN (which is mandatory for connecting to the VPN), and other vulnerability assessment and penetration testing tools.

Here I’m explaining both ways, CLI and GUI, of connecting to the lab’s network.

First, I’m going to use the CLI to connect to the lab’s VPN.

Once you log in to the website, get your VPN credentials and download the OpenVPN config file to your Kali machine. Now let us start and connect to the lab.

Connecting to the lab’s VPN is very simple. You need to launch a terminal and just type “sudo openvpn /path/of/VPNconfigFIle”.

Now you are trying to connect to the VPN.
If you get “Initialization Sequence Completed” at the end, that means you connected to the lab network successfully.
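The check described above can be scripted. The following is an added example, not part of the original post: it reads a saved copy of the OpenVPN output, reports whether the tunnel came up or failed, and confirms that traffic to the lab gateway 192.168.101.10 is routed through the tunnel. The log file name lab-vpn.log and all function names are assumptions; the matched strings are standard OpenVPN client messages.

```shell
#!/usr/bin/env bash
# Added example: check that the lab tunnel really came up.
# Terminal 1: sudo openvpn /path/of/VPNconfigFIle | tee lab-vpn.log   (assumed log name)
# Terminal 2: source this file, then: wait_for_vpn lab-vpn.log 60 && lab_via_tunnel

# Print the state implied by the last relevant line of the log file $1.
vpn_state() {
    [ -r "$1" ] || { echo pending; return 0; }
    awk '
        /Initialization Sequence Completed/      { s = "connected" }
        /AUTH_FAILED/                            { s = "auth_failed" }
        /TLS handshake failed/                   { s = "tls_failed" }
        /process restarting/ && s == "connected" { s = "pending" }
        END { print (s == "" ? "pending" : s) }
    ' "$1"
}

# Poll log $1 until the state leaves "pending" or $2 seconds (default 30) pass.
# Prints the final state; succeeds only when it is "connected".
wait_for_vpn() (
    left="${2:-30}"
    state="$(vpn_state "$1")"
    while [ "$state" = pending ] && [ "$left" -gt 0 ]; do
        sleep 1
        left=$((left - 1))
        state="$(vpn_state "$1")"
    done
    echo "$state"
    [ "$state" = connected ]
)

# Print the interface named after "dev" in `ip route get` output passed as $1.
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if traffic to the lab host 192.168.101.10 leaves via a tun/tap device.
lab_via_tunnel() {
    case "$(route_dev "$(ip route get 192.168.101.10 2>/dev/null)")" in
        tun*|tap*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample log (not real lab output) for trying vpn_state offline.
sample_log() {
    printf '%s\n' 'TLS: Initial packet from [AF_INET]203.0.113.5:1194' \
                  'Initialization Sequence Completed'
}
```

An "auth_failed" result points at the VPN credentials from the lab site, while "tls_failed" or a persistent "pending" points at connectivity to the VPN server.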
Before jumping on any machine, we need to understand the lab’s network. This is very important.

Network Diagram And Introduction.


First, take a look at the network diagram and try to understand it yourself.

 

Brief explanation:

Once in the network, we will only have access to two public-facing hosts: SITE/CRM/MAIL sitting at 192.168.101.10 and another host at 192.168.101.11. From the initial view of the network diagram it seems that both of these hosts are routers, so we would need to compromise them before we can get access to the internal network. Do note that there seem to be five (5) different VLANs in this network outline that need to be compromised.

Our objective would be to compromise the hosts, get remote access, and then pivot into the Internal Network to continue our pen-test.

So here our “first” objective would be to compromise the 192.168.101.10-11 hosts, so that we can pivot through them and access the internal network’s systems.

Please note that there are 12 tokens in total scattered throughout the lab. I closely followed The Penetration Testing Execution Standard, which helps me in compromising the next network segment or device from previously gained information.

 

 


3 Comments

  1. frank

    Hello, I don’t know why I could not connect to the VPN. Is there anything I need to configure manually?

  2. Safir

    Hey Touhid, this is an awesome site, thanks for sharing!! If there are any other labs similar to this, I would love to know.
    Cheers
