Virtual Hacking Labs Review

Marietta Bleasdale

Aug 3, 2024, 5:17:39 PM
to tumbsisnure

I've been in prep mode for the Offensive Security Certified Professional certification since late 2018 and wanting to enjoy the Ethical Hacking learning journey so I took a few detours that included eLearnSecurity eJPT, GIAC GPEN certs and now VHL labs. I finished the course and rooted the 9 beginner boxes (I had to phone a friend on 2 of them!). I'm out of time as my Master's program has resumed and that requires full time concentration. Here's my review of the course and assistance on the 9 beginner boxes should anyone feel the need.

A. Restructure the training material that starts with complete installation of all tools that are used in the course. I wasted a good 2-3 days trying to get OpenVAS/Greenbone installed using numerous suggested VM images the course mentions.

B. Develop some video content that teaches core concepts for each section. Course content delivery was a bit lazy throughout the course for entry level people and should consider people who may not learn the best by reading or those with reading disabilities.

C. Structure lab VMs around the course material more directly, cumulatively and in course order. This is somewhat accomplished with how each VM tells you to read random sections of the course to root the machine, but I'd like an approach where reading the first 3 chapters/sections prepares you to root all beginner machines, then in order to root Advanced machines you need to fully understand those earlier concepts and material from chapters 4-6, etc. I'm thinking somewhat of how eLearnSecurity did it, which was great in my opinion.

Overall Experience = Very Positive. I learned a ton my other courses didn't teach me and I grew skills with using netcat, web and reverse shells, using Metasploit and nmap more fully, Hydra usage, Linux bash shell and a lot of other things.

I always try to spend a couple hours breaking in before looking for help and I fully encourage that approach, but I would have loved to have these so I didn't spend so much time bugging Melina Phillips and reading old VulnHub walkthrough blogs that had nothing to do with my box.

I found precisely 0 walkthrough details for these machines and regretfully spent more time online researching than actually applying the needed rooting concepts. After frankensteining the education together, it takes about 5-10 mins to actually root a beginner machine successfully. So here are my hints for rooting the 9 beginner machines.

Anthony - Nmap gets you most of the way on this one. After using it to identify app services and ports of interest, try running some of the common service vulnerability scans using nmap such as --script=ftp-vuln*. This isn't the vulnerable service but just giving you ideas. The results of doing this pave the way for successful exploitation via Metasploit.

AS45 - AS stands for Apache Struts. After revealing interesting ports and services via nmap, run a web application vulnerability scan. The results provide you some areas of the target to visit in your browser. You'll need some information here to set up an exploit later. Searching Metasploit for the specific Struts version in use gets you what you need. You will need to iteratively cycle through the correct combination of target, payload and TARGETURI to get this one right. Focus on exploits with excellent reputation. For this one use the 'check' command prior to execution; when it says the target appears to be or is vulnerable, you're on the right path.

Breeze - Start with Nmap as usual to locate a relevant application/port target. Using searchsploit or Exploit-DB provides you the sole exploit needed to get on this box. Not spoiling too much but you'll need to generate a payload with MSFvenom and use the payload output from that command to replace inside the exploit before execution. Serve the payload to the target, capture the reverse shell via netcat or Metasploit and you're good.

CMS01 - Start with Nmap and a web vulnerability scan to locate interesting ports/services. Explore the application using your browser. Use the single exploit found for the app version number and again use correct RHOST, TARGETURI and other settings to get the exploit to work. Use base privileges once inside to escalate privileges via review of all settings/sections of the app. Use escalated privileges to leave the application and execute a reverse shell to gain machine access through PHP file modification back to your machine. Use new user privileges on the target machine to locate root creds and root the box.

James - The most frustrating machine for me. Use Nmap to find the app service to target. An exploit from Exploit-DB is available for this particular version that gets you a limited shell after minor modifications and experimenting. Once on you will need to stabilize your shell using 'bash'. Find world writable files and use echo commands to overwrite the lone world writable file you can modify with commands for reverse shell. Explore the sudo commands you can issue and use that to trigger the reverse shell back to your attacking machine.

Mantis - Similar to CMS01. Do your nmap and web vulnerability scans to specify the target. Searching Exploit-DB reveals an exploit you can execute directly from your attack machine web browser that gets you in the app. Search the application exhaustively for system creds. Once logged in see what your current profile has available to easily escalate to root.

Steven - Nmap reveals interesting port and service results for this machine. Visiting the host address on one of the interesting ports reveals a login page with a more specific service to target exploits against. Metasploit is your friend from here.

After completing my eLearnSecurity Certified Professional Penetration Tester v4 (eCPPT) exam I wanted to keep my skills sharp and put my newly gained penetration testing knowledge to the test in a practical lab environment. While visiting the netsecstudents Reddit I found several posts discussing Virtual Hacking Labs.

The Virtual Hacking Labs plans (or passes as they call them) are relatively straightforward. You buy a pass that grants you access to their lab and course content for a pre-determined amount of time and off you go. The passes start out at one week but month, three-month and yearly passes are also available.

The only thing to note while comparing passes is that the weekly pass does not include offline access to the course materials and does not grant you a Certificate of Completion if you complete the twenty-machine lab challenge. If you value offline access to the materials for later reference, or if you want to opt for the Certificate of Completion I recommend going for a pass that includes them.

Virtual Hacking Labs offers a free course sample that you can request before purchase. The sample includes an introduction of what they have to offer, what is included when you buy a pass and includes a subset of the course material to see if you like the course content.

Purchasing your access pass is as simple as selecting one, filling in the required information and account credentials and choosing a payment method. They offer several payment methods including PayPal, Credit Card and iDeal. I used iDeal when making my purchase which made the process a seamless experience.

While the Virtual Hacking Labs website states that memberships will be processed and activated within 24 hours of purchase I received an email with VPN access credentials a few minutes after payment allowing me to access course materials and the lab almost instantly.

The course content is split up in ten chapters, one of which is dedicated to a manual on how to access the practical lab over a VPN connection. This leaves nine chapters of actual penetration testing content that include.

The course itself can be seen as an introductory course and is very beginner friendly. The course does a good job introducing you to the penetration testing process and methodology and is designed in such a way that you can follow along and try the concepts that are explained in the materials on the well-known Metasploitable 2 virtual machine. This machine is available in the Virtual Hacking Labs lab environment so you do not have to go through the hassle of setting up your own.

If you purchase a month or longer access pass you can download an offline copy of the course materials in PDF format. For beginners however, it is probably more intuitive to follow the course in its online format. Using the online format allows you to mark chapters as complete making it easy to track your progress.

The lab is a shared penetration testing lab, meaning you share a lab with other students that are also taking the course. The lab consists of around thirty-five vulnerable machines with a variety of operating systems. Operating systems include but are not limited to: Windows, Linux, FreeBSD, Nas4Free and even Android.

As the name implies beginner machines are meant for beginners, those that just finished the course materials or with some previous experience in the field. Solutions to these machines can often be found within the course content. Beginner machines also have clear hints available in the lab dashboard to push you in the right direction if you are stuck. Furthermore, most beginner machines do not require complex privilege escalation techniques and an initial shell usually results in the highest privileges possible.
