2.7 Certificate of Completion
If you get root/administrator access on at least 20 lab machines (Beginner or Advanced) and provide documentary proof of that achievement, you can apply for the VHL Certificate of Completion. If you manage root/administrator access on at least 10 Advanced+ machines (and exploit at least two vulnerabilities without using any automated tools or publicly available scripts), then you are entitled to apply for the VHL Advanced+ Certificate of Completion.
Certificates of Completion come in the form of a personalized PDF and are sent by email.
To be eligible for a VHL Certificate of Completion you must:
- Achieve root/administrator/system access on at least 20 Beginner or Advanced lab machines.
- Provide documentation showing how the vulnerabilities were exploited. Do not include (compiled) exploits with your documentation;
- Include screenshots proving that you rooted the lab machines;
- Supply the contents of key.txt files from the rooted lab machines.
Note: The Metasploitable 2 lab machine does not count towards the 20 lab machines required for the certificate of completion.
To be eligible for the VHL Advanced+ Certificate of Completion you must:
- Achieve root/administrator/system access on at least 10 Advanced+ lab machines.
- Successfully perform manual exploitation of at least two vulnerabilities on any two of the lab machines (i.e. without resorting to automated tools such as Metasploit or using publicly available scripts). In order to qualify, the chosen vulnerabilities should previously have been exploited with publicly available exploits or Metasploit;
- Provide documentation showing how all the vulnerabilities on all 10 lab machines were exploited. Do not include (compiled) exploits with your documentation;
- Include screenshots proving that you rooted the lab machines;
- Supply the contents of key.txt files from the rooted lab machines.
In other words, to be awarded the VHL Advanced+ Certificate of Completion you must have achieved root/admin/system access on a total of ten Advanced+ lab machines and, in addition, at least two different vulnerabilities on any lab machine must have been exploited without employing automated tools (such as Metasploit) and without using any publicly available scripts. You can choose any vulnerability on any two Beginner, Advanced or Advanced+ lab machines to exploit manually provided you have previously exploited those machines using a published script or automated tool. This will require you to demonstrate your ability to analyse vulnerabilities and to reproduce the required steps manually to exploit them. This will prove that you are able to cope when Metasploit modules fail or when there are simply no applicable exploits or pre-written scripts available.
The documentation you submit in support of your request for a certificate of completion should contain sufficient information to verify your achievement. As a minimum this should include (i) details of the vulnerabilities you exploited (such as the CVE ID numbers), (ii) links to vulnerabilities/exploits, attack narrative etc. and (iii) screenshots of the actual exploitation process. The screenshot(s) proving that you rooted the lab machine should show the following information:
- The lab machine IP.
- The attack box IP address (VPN IP).
- The commands used (command line, URLs, requests, Metasploit handler, exploit compilation etc.).
- Where privilege escalation has been included, the screenshot should also show the output of the id/whoami/getuid command before and after executing the exploit, and the contents of the key.txt file.
When you are ready to apply, please email your certificate request and accompanying documentation (using the same email address with which you registered with VHL) to info@virtualhackinglabs.com. We will then manually verify the information you have given and check the authenticity of the screenshots. Be sure to include your VHL student ID (i.e. the VHLC ID provided when you registered) as well as your full name for the Certificate of Completion. As soon as your request has been approved, we will forward your Certificate of Completion by email.
Lab tip: A couple of great tools for maintaining notes as you progress through the labs are Keepnote and Cherrytree. Keeping comprehensive notes will make life easier when you have to draft your reports. Because Keepnote has now been removed from Kali Linux (it hasn’t been maintained for a while) you may prefer to use Cherrytree instead.
VHL reserves the right to award either of these certificates based on verification and validation of the documentation provided and on any other relevant criteria. VHL’s assessment on whether the applicant has reached the necessary standards to be awarded either Certificate of Completion is final.
VHL Sample Report for machine 83 – John
A sample report for a single machine can be found here:
Frequently Asked Questions
In the following section we will try to answer some questions you might have related to the VHL Certificates of Completion:
Q: How long will it take to process my Certificate request?
A: This will take up to 5 business days; we usually process all requests at once on Friday. If you haven’t heard anything from us within 5 business days, please contact our support department.
Q: Can I submit Advanced+ machines instead of Advanced machines for the regular Certificate of Completion?
A: Yes, but you cannot then use the same Advanced+ machines a second time when you apply for the VHL Advanced+ Certificate of Completion. We therefore recommend you only submit Beginner and Advanced machines for the VHL Certificate of Completion and keep the Advanced+ machines for the VHL Advanced+ Certificate of Completion.
Q: I have submitted Advanced+ machines as part of the 20 machines required for the VHL Certificate of Completion before you introduced the VHL Advanced+ Certificate of Completion, can I submit them again for the VHL Advanced+ Certificate of Completion?
A: No, you cannot submit any completed Advanced+ machines twice. In such a situation you will have to root additional Advanced+ machines to satisfy the 10 machines requirement.
Q: I have submitted some Advanced+ machines as part of the lab report for the regular VHL Certificate of Completion but these were in addition to the 20 Beginner/Advanced machines. Can I submit these Advanced+ machines again for the VHL Advanced+ Certificate of Completion?
A: Yes, in this case you can submit the Advanced+ machines for the VHL Advanced+ Certificate of Completion provided you have matched the requirement of completing at least 10 Advanced+ machines in addition to the 20 machines required for the regular VHL Certificate of Completion.
Q: How many and which machines do I have to root to receive both the regular VHL Certificate of Completion and the VHL Advanced+ Certificate of Completion?
A: You have to root a total of 30 machines (including two vulnerabilities exploited manually):
- The regular VHL Certificate of Completion requires at least 20 Beginner/Advanced machines.
- The VHL Advanced+ Certificate of Completion requires at least 10 Advanced+ machines and 2 manually exploited vulnerabilities that were previously exploited using publicly available exploits/Metasploit. The requirement of two manually exploited vulnerabilities applies to vulnerabilities, not machines.
Q: Do we need to submit two different reports, or is a single report with 30 rooted boxes fine in order to get both certificates of completion?
A: We prefer 2 reports; one report with 20 completed lab machines for the regular certificate of completion and one report with 10 completed Advanced+ lab machines + 2 vulnerabilities manually exploited.
Q: The requirements for the VHL Advanced+ Certificate of Completion include having to exploit two vulnerabilities manually, what do you mean exactly by ‘manually’?
A: By ‘manually’ we mean you cannot exploit the target vulnerabilities by using automated tools, such as Metasploit, or by using publicly available scripts/exploits. Such tools and scripts automate the exploitation process by issuing a series of commands or requests, injecting or uploading a payload with a reverse shell or exploiting/chaining multiple vulnerabilities at once. Most of the time you can also perform these steps manually by issuing the commands or requests yourself.
Q: Which tools am I NOT allowed to use in the manual exploitation of the lab machines?
A: Any tools that automate (part of) the exploitation process, such as Metasploit, Armitage, SQLmap etc.
Q: Can you give an example of a machine with a vulnerability that can be exploited manually?
A: In the courseware, in section 5.2 ‘How to work with exploits and where to find them’, we analyse the exploit code for a vulnerability in Apache James. In that code we can see that the script connects to the vulnerable server, adds a user to the system and includes a payload in the username which will be executed as soon as a valid user logs in. The exploit script automates the exploitation process but this can also be done manually by issuing the commands with a Telnet client. With this information you should be able to connect to the vulnerable service and perform the exploitation step by step by manually issuing the necessary commands.
Q: I have exploited a vulnerability that was intended to be exploited manually, such as a file upload vulnerability in a custom web application. Does this vulnerability count?
A: No, in order to qualify, the vulnerability should be exploitable with publicly available scripts or Metasploit.
Q: Which machines would you recommend looking at for manually exploitable vulnerabilities?
A: While almost every machine contains vulnerabilities that can be exploited manually, we recommend having a look at the following machines: 36, 53, 58, 88, 95, 113, 200, 241. We will also note the machines that can be exploited manually as extra mile exercises on the Lab Dashboard, such as 36 – Steven.
More machines will be added to this list in due course.
Q: How many machines do I have to submit in total for my Advanced+ report?
A: 10 Advanced+ machines and 2 manually exploited vulnerabilities. The manual exploitation can be performed on any machine of any difficulty, including 2 of the 10 Advanced+ machines, as long as they have been exploited automatically too.
Q: Will it count when I manually exploit one vulnerability for a foothold and one for privilege escalation on a single machine?
A: Yes, the requirement of two manually exploited vulnerabilities applies to vulnerabilities, not machines.
Q: Am I allowed to use msfvenom to create payloads for the 2 manual machines?
A: Yes, you are allowed to use msfvenom to create payloads.
Q: Am I allowed to use Burp Suite in manual exploitation?
A: Yes, Burp Suite may also be used in manual exploitation.
Q: Am I allowed to use Metasploit multi handler in manual exploitation?
A: Yes, you can use Metasploit multi handler to intercept shells.