Lately, I’ve been dedicating my spare time to Pentestit v11, a terrific pentest lab which is great to hone those skills. If you have the spare time, I highly recommend participating – lab.pentestit.ru.
Version 11 is named “Who is Mr. Hacker?”. To start, we are given a network diagram and two target IP addresses: 192.168.101.10 and 192.168.101.11. For this post, I’ve created my own network diagram so I can mark it up along the way.
Obviously there are spoilers ahead.
Continue reading “Pentestit v11”
Just a FYI, this is more or less a placeholder post with little content until I upload a walk-through.
While surfing reddit/netsec someone posted a link of a walk-through of some targets in a virtual pentest lab called practicalpentestlabs, naturally I decided to give it a go.
To join the game, it’s as simple as registering and establishing a VPN session into the lab environment via openvpn. Target IP addresses are provided, and depending on the difficulty, a little hint giving potential avenues of attack. The goal is to hack into each of the targets and grab the contents of secret.txt, which usually resides in /root or the administrator’s desktop. The contents of secret can then be submitted for points, the amount awarded is based on the difficulty of the target. Accumulated points are tracked on a pretty slick dashboard … sorry I couldn’t help myself :S
At the moment, I’ve worked through the web application and scenario based targets with the exception of “X”. I thought the targets were challenging but not insanely difficult. Practical pentest labs was a great walk-through of various vulnerabilities while not obscuring them to a point where it’s less an exploitation exercise, and more a game of hide and seek. Continue reading “Practical Pentest Labs”