Practical Pentest Labs

Hey all,

Just an FYI, this is more or less a placeholder post with little content until I upload a walk-through.

While I was surfing reddit/netsec, someone posted a link to a walk-through of some targets in a virtual pentest lab called practicalpentestlabs. Naturally, I decided to give it a go.

To join the game, it’s as simple as registering and establishing a VPN session into the lab environment via OpenVPN. Target IP addresses are provided and, depending on the difficulty, a little hint giving potential avenues of attack. The goal is to hack into each of the targets and grab the contents of secret.txt, which usually resides in /root or on the administrator’s desktop. The contents of secret.txt can then be submitted for points; the amount awarded is based on the difficulty of the target. Accumulated points are tracked on a pretty slick dashboard … sorry I couldn’t help myself :S

At the moment, I’ve worked through the web application and scenario-based targets with the exception of “X”. I thought the targets were challenging but not insanely difficult. Practical Pentest Labs was a great walk-through of various vulnerabilities while not obscuring them to a point where it’s less an exploitation exercise and more a game of hide and seek.