Just an FYI, this is more or less a placeholder post with little content until I upload a walk-through.
To join the game, it’s as simple as registering and establishing a VPN session into the lab environment via OpenVPN. Target IP addresses are provided, along with, depending on the difficulty, a little hint giving potential avenues of attack. The goal is to hack into each of the targets and grab the contents of secret.txt, which usually resides in /root or on the administrator’s desktop. The contents of secret can then be submitted for points; the amount awarded is based on the difficulty of the target. Accumulated points are tracked on a pretty slick dashboard … sorry I couldn’t help myself :S
At the moment, I’ve worked through the web application and scenario-based targets with the exception of “X”. I thought the targets were challenging but not insanely difficult. Practical Pentest Labs was a great walk-through of various vulnerabilities while not obscuring them to a point where it’s less an exploitation exercise, and more a game of hide and seek.