Certificate
Do all subscriptions include a Certificate of Completion?
All subscriptions greater than a week pass contain a free Certificate of Completion when you have compromised at least 20 lab machines.
Do you have a template file or sample report?
Yes, we have a sample report for a single lab machine that you can use an as example. The sample report can be downloaded in courseware chapter 2.7 Certificate of Completion.
Please note that the sample report is not a complete report but only contains 1 machine. The final report must contain documentation for all machines according to the requirements.
Do you issue YourAcclaim badges?
At this moment we do not issue YourAcclaim badges for course completion.
Does your course qualify for CPE/CEU?
Completing the penetration testing course may qualify you for 25 to 40 (ISC²) CPE credits/hours. Course completion consists of completing the requirements for each certification and supplying documentation as proof. By completing the course requirements the student will be eligible to apply for a Certificate of Completion that can be used as proof of finishing the course.
Recommended Credit Hours per Certification
VHL Certificate of Completion: 40 Recommended Credit Hours
VHL Certificate of Completion Advanced+: 25 Recommended Credit Hours
VHL Certificate of Completion Advanced 2+ (Pro Lab): 40 Recommended Credit Hours
The above credit hours per certification are a recommendation. It is up to ISC2, EC-Council or any other certification body to determine if and how many CPE will be awarded.
How do I submit my Lab report?
You can send your lab report to our info e-mail address. If the lab report is too big to send by e-mail, please upload it to a Google drive (or alternative cloud drive) and send us the download link.
How long will it take to process my certificate request?
All certificate requests are processed on Friday so it will take up to 5 business days to receive a reply. Haven’t heard anything from us within 5 business days? Please contact our support department.
Is the Certificate of Completion printed?
No, we deliver a pdf version of your personalized Certificate of Completion by e-mail after meeting the requirements.
What are the requirements for a Certificate of Completion?
To be eligible for the VHL Certificate of Completion you need to:
- Get root/administrator/system access on at least 20 lab machines.
- Supply documentation of the exploited vulnerabilities.
- Supply screenshots proving that you rooted the lab machines.
- Supply the contents of key.txt files from the rooted lab machines.
Please send the documentation and proof to the following e-mail address: info @ virtualhackinglabs.com
Where is my VHL ID?
Your VHL ID is your VPN username (VHLC12345). If you have multiple VHL IDs, include the most recent one in your report.
Courseware
Are you offering a follow along course?
No, we are not offering a follow along course. We’ve chosen for a black box approach for the labs which means that only little information is given about the lab network and machines apart from hints for specific machines.
The courseware describes the techniques to perform network enumeration, vulnerability assessments and different ways of exploiting vulnerabilities in software, services and web applications. After completing the courseware you should be able to compromise the lab machines or know where to find the information and how to apply this information to vulnerable machines. This also means that a student has to research additional resources other than the courseware. New techniques and vulnerabilities are discovered on a daily basis which makes research a crucial part of the learning process to become a skilled ethical hacker.
Can I receive the course materials prior to the lab start date?
Unfortunately it’s not possible to receive the course materials in advance of the lab start date. All course materials and the lab access credentials will be send on the start date of the course.
Can I use your labs and materials in my training?
It is not permitted to use any of our training materials (lab machines included) in another training, whether offline or online, paid or free.
This includes, but is not limited to:
- Classroom training;
- Online training;
- Online and offline courses;
- (Student) Meet-ups and study groups;
- Blog posts and other online/offline publications.
Does the courseware include videos?
The courseware is a written course manual and does not include videos.
Does the courseware PDF have the same content as the online courseware?
Yes, the courseware PDF has the same content as the online courseware.
How frequently is the courseware updated?
We’re updating the courseware on a regular basis with new chapters, paragraphs, modifications, corrections and student feedback. The last modification date is displayed on the course page. Be sure to download the courseware PDF again to make sure that you have the latest and most current edition.
Is the Penetration Testing Course beginner friendly?
Yes, the VHL penetration testing course is a beginner friendly course. The Penetration Testing courseware covers a wide range of subjects starting with the basics. Each section of the courseware covers basic theory and practical demonstrations of techniques making it very beginner friendly. After going through the courseware you will be ready to compromise the vulnerable machines in the Virtual Hacking Labs.
What subjects are covered by the courseware?
The courseware covers a wide range of subjects from network enumeration to exploiting vulnerabilities. A complete overview of the courseware subjects can be found on the course page.
We also provide a free courseware sample that can be requested here.
What will I learn from the labs and courseware?
Throughout the penetration testing course we will primarily focus on the technical side of penetration testing. This means that you will learn how to identify vulnerabilities in systems, services and configurations. With this information we work with exploits that take advantage of these vulnerabilities as real attackers do. The learning goal here is to be able to identify vulnerabilities and to understand how systems are exactly vulnerable by exploiting them. We will be looking at systems and services as attackers do. With this information you will be able to detect potential security issues, solve or mitigate them and apply countermeasures. Key here is that you cannot fix anything that you don’t understand. We’re learning things by breaking things. To be able to fully understand how systems are vulnerable we will be analysing vulnerable code, exploiting real vulnerabilities and practicing scenarios in the labs.
General
Can I share my account to access the virtual hacking labs?
Sharing your VHL account with other users to access the Virtual Hacking Labs is not allowed. If suspicious activity on your account indicates excessive account sharing your account will be terminated immediately. This does not mean that you can’t access the labs from several locations, such as from home and work, which is perfectly fine.
We are trying to keep the pricing as friendly as possible so that each individual user can benefit all aspects of our services individually. Sharing accounts may restrict this for all parties involved sharing the same account. Only a single person can access the labs on an account at the same time and only 1 person can request the VHL certificate of completion. Also course and lab progress is limited to tracking the progress for a single person.
If you need access for a large group of users (25+), please contact us using the contact form.
Can I transfer my membership to another student?
Memberships and lab time can not be transferred to other students.
Can I write a walkthrough for my blog when I’ve compromised a host?
Congratulations! It’s great if you’ve compromised a host in the Virtual Hacking Labs and we understand you want to show your progress to the world! We configured every host in the Virtual Hacking Labs with great care and the findings necessary to compromise the host contributed to your learning experience in several ways. When other students come across your blog posts with a walkthrough in the process of finding ways to compromise the host, it can spoil their learning experience. For this reason, we kindly request that you do not post write-ups or walkthroughs for compromised hosts on your blog or post any other information that could degrade someone else’s learning experience. This includes password-protected writeups, (private) video streams, and GitHub profiles.
Do you have an affiliate program?
No, at this moment we do not have an affiliate program.
Do you have open job positions are Virtual Hacking Labs?
Open job positions will be listed in the news section.
Do you provide trial/demo accounts?
No, at this moment we do not provide trial or demo accounts. We do provide a courseware sample.
Does access to the labs include courseware?
Yes, our memberships are all-inclusive, which means that they include both courseware, lab access and a certificate of completion for month passes or greater.
The courseware includes information about:
- How to install Kali Linux and setup a VPN connection to the labs.
- How to use different hacking tools such as Metasploit, Nmap, Nikto & Netcat.
- How to perform network enumeration.
- How to perform a vulnerability assessment.
- How to compile exploits for Linux and Windows.
- How to exploit vulnerabilities.
- Privilege escalation on Windows & Linux.
More information about the courseware contents can be found on the course page. A free course sample is available on this page.
How can I become a penetration tester or ethical hacker?
This is probably one of the most asked questions by people new in the field of penetration testing and ethical hacking. The field of information security is very wide and we understand that sometimes it’s hard to find your way through this maze. We do not offer individual certification or career advice but we can offer you a virtual environment where you can start learning penetration testing techniques instantly at an affordable rate.
Our labs offer a wide range of entry level vulnerable hosts to practice different penetration testing techniques. When you have completed the beginner level hosts you can continue with the more advanced vulnerable systems which often require multiple steps to compromise. Also note that the labs are a great step-up for practical certifications such as OSCP, LPT, GPEN and eCPPT.
What will be in the virtual hacking labs?
The virtual hacking labs contain a number of vulnerable hosts to practice penetration testing techniques. The labs contains 40+ Windows, Linux, Android machines with recently discovered vulnerabilities and older common vulnerabilities. We are constantly in the process of updating the labs with new machines vulnerable to recent discoveries.
Who are these hacking labs for?
The virtual hacking labs are for anyone who wants to learn and practice penetration testing in a legal way. Especially those who want to get into the field of penetration testing and ethical hacking in a professional way can benefit from our labs. The hacking labs contain both beginner and advanced hosts targeting new and more experienced penetration testers. The beginner level hosts are a great step-up to the advanced boxes.
Why are you offering these virtual hacking labs?
There is a constantly growing demand for specialized security professionals like penetration testers in the job market. This growing demand leads to many unfilled positions now and even more in the future. With this course and the virtual hacking labs we want to offer a accessible environment for anyone to start developing the skills necessary to fulfil a position in the security market. We are aiming to keep the labs as close to real life situations as possible. Therefore many of the vulnerable hosts in the labs are based on real situations as encountered on enterprise networks.
Link: http://www.cisco.com/c/dam/en/us/products/collateral/security/cybersecurity-talent.pdf
Link: http://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016
Additionally, learning how to hack on live production systems is a really bad choice. Even small mistakes can have an enormous impact on organizational processes resulting in financial loses, data corruption or down time. The Virtual Hacking Labs hosts and its environment are designed solely for the purpose of practicing penetration testing techniques.
Will you refund (unused) access passes?
No, we do not refund unused access passes. In rare occasions we can pause or extend access to the virtual hacking labs. Please read more about pausing lab access here.
Ordering
Are the VHL memberships recurring?
No, VHL memberships are not recurring and can only be extended by purchasing a renewal pass from the shop.
Can I purchase a lab extension?
To extend a running membership you can buy a renewal pass from the renewals section in the web shop. Your current membership will be extended with the duration of the renewal pass.
If you want to renew your membership after it as been expired you have to buy a new access pass and you’ll receive new lab credentials as if it was a new order. All courseware and lab progress on your account will be stored at any time.
Can I receive an invoice?
Yes, your invoice will be sent after completing the payment and is also available as PDF in your account after the orders has been processed.
Can I register for a future date?
Yes, it is possible to register for a future date and secure a seat in the Virtual Hacking Labs. When you prefer a later start date please leave a comment with the preferred start date in the ‘additional information’ field during the order process. We’ll make sure your account will be activated at the requested start date.
Can I resell VHL vouchers/memberships?
We do not sell vouchers/memberships for resale; these orders are cancelled.
Do you offer discounts for groups?
At this moment we do not offer any discounts.
Do you offer virtual hacking labs for enterprises?
Yes, we do offer lab environments just for your team! If you are interested in a corporate labs, please contact us using the contact form for more information.
How can I order access for a group?
Please contact support prior to placing a group order.
How do I renew my access pass?
In order to renew your access pass, make sure you’re logged in and go to Renewal Shop.
Or follow these steps:
1.) Go to “My Account”
2.) In the column named “My Memberships” theres your membership, click on “View”.
3.) The renewal product will be visible and you’re able to add it to your cart.
On completion your membership and labtime will be extended and you can use your former credentials.
How long does it take to process my order?
Orders are processed within 24 hours.
On some occasions it might take more than 24 hours to process your order. On such occasions we will try to contact you as soon as possible with the expected starting date and time.
A delay in activation of your lab access will never impact the duration of the lab access.
Is there a minimum age requirement to sign up for the VHL course?
Yes, the minimum age at which you can sign up for the course is 18 years.
When does my lab access start after purchasing an access pass?
Orders are processed within 24 hours. Your lab time starts as soon as the order is processed.
On some occasions it might take more than 24 hours to process your order. On such occasions we will try to contact you as soon as possible with the expected starting date and time.
A delay in activation of your lab access will never impact the duration of the lab access.
When will my lab access end?
Access passes to the virtual hacking labs will end:
Pass type | Ends in |
Week pass | 7 days |
Month pass | 31 days |
3 Month pass | 93 days |
6 Month pass | 186 days |
Year pass | 365 days |
Some examples:
- A week pass activated on 1st of January at 12:00 will end 7 days later on 8 January at 12:00.
- A month pass activated on 1st of January at 12:00 will end 31 days later on the 1st of February at 12:00.
- A year pass activated on 1st of January 2017 at 12:00 will end 1 year later at the 1st of January 2018 at 12:00.
When will my order be delivered?
Orders are processed and delivered within 24 hours.
On some occasions it might take more than 24 hours to process your order. On such occasions we will try to contact you as soon as possible with the expected starting date and time.
A delay in activation of your lab access will never impact the duration of the lab access.
Why am I getting a Blocked Attempt on checkout?
When you’re getting a Blocked Attempt on check out and you’re not using a VPN or proxy, there are a few other reasons that might cause this. The most common reason for a blocked attempt on the checkout is that our services are not available in your country/region. This might be due to trade restrictions or other restrictions that prevent us from fulfilling orders, but mostly due to constantly evolving tax laws on digital goods. Many countries have very specific rules and requirements for taxation on digital products for individuals, which often require a great deal of time and resources to get compliant with (such as Indian GST on digital goods). We are constantly working on extending our services to new countries by getting compliant with their local tax laws.
Can I have someone else to pay for my order when VHL is not available in my region?
No, all orders should be placed by the person taking the course.
Can I place an order anonymously with a VPN?
No, we cannot accept anonymously placed orders for varying reasons. Anonymously placed orders will be cancelled.
Is there any other way to work around this?
We are working hard to extend our services to as many regions as possible which takes up a lot of time and resources because taxation systems are country (or state) specific, complex and constantly changing. Unfortunately, there’s not much else to do than wait until we have extended services to your region.
Why is my country not available in the countries drop down?
Please note that we currently cannot accept orders from individuals in countries that are not available in the countries drop down on the check out form. This might be due to trade restrictions or other restrictions that prevent us from fulfilling orders, but mostly due to constantly evolving tax laws on digital goods. Many countries have very specific rules and requirements for taxation on digital products for individuals which often require a great deal of time and resources to get compliant with. We are constantly working on extending our services to new countries by getting compliant with their local tax laws.
Why was my order cancelled?
While most orders are approved within 24 hours we sometimes have to cancel orders for various reasons, including:
- Bank transfer payments that haven’t been received within 3 weeks after placing the order will be cancelled automatically.
- We have been unable to verify payment information for your order, for your security and protection your order may have been cancelled.
- Information mismatch on your order. Make sure that your order details are correct and complete.
- Anonymous orders cannot be accepted for varying reasons and will be cancelled.
- Orders that are placed using a proxy/VPN, or other ways to obscure network or location, will be cancelled.
- Unforeseen stock issues (you will be notified by e-mail when your order was cancelled for this reason).
If you found your order cancelled, we kindly ask you to review which cancellation reason(s) may apply to your order and correct them before placing a new order. When all this is not the issue, please let us know.
In the event of a cancellation, your payment will be automatically refunded.
Payment
Can I cancel my order or get a refund?
Sorry, all sales are final and non-refundable.
Can I receive an invoice?
Yes, your invoice will be sent after completing the payment and is also available as PDF in your account after the orders has been processed.
Do you offer student discounts?
At this moment we do not offer any special discounts to students.
What currency is payment in?
The payment currency is:
Europe: EUR
Rest of the world: USD
What payment methods do you accept?
We currently accept the following payment methods:
- Paypal
- Credit Card/Debit Card
- Bank Transfer
- iDeal
We do not accept payment using Bitcoin or other crypto currencies.
Why do I have to pay VAT?
According to EU regulations, all customers located within the EU are required to pay VAT unless they have a valid VAT ID. In this case they are exempt from VAT. As per the new set of European Union regulations for VAT that came into effect starting January 1st, 2015, all of the purchases made through the Virtual Hacking Labs by EU customers will be charged a VAT rate according to the customer’s country of residence or establishment.
Pro Lab
Can I also obtain the Regular and Advanced+ 1 certificates in the VHL Pro Lab?
No, you can only get these certificates by completing lab machines in the regular lab. The Advanced+ 2 Certificate of Completion can only be obtained in the VHL Pro Lab.
Do I have access to all courseware with a Pro Lab membership?
Yes, with a VHL Pro Lab membership you have access to the regular courseware and the courseware that belongs to the Pro Lab. Please note that lab access to the regular lab is not included.
Do I have access to the Pro Lab courseware with a membership in the regular lab?
No, the VHL Pro Lab courseware is not accessible with a membership for the regular lab.
Does the Pro Lab membership include access to the regular lab environment?
No, the Pro Lab membership does not include access to the regular lab environment.
Is it possible to get a private server or vouchers for my team?
Yes! Contact our sales support for more information or use the Enterprise form.
Is there a sample report available for the Advanced+ 2 Certificate of Completion?
There is currently no sample report available for the Advanced+ 2 Certificate of Completion. However, a sample report is available for the regular Certificate of Completion that can be used as an example for the 10 pro lab machines requirement. The completion of the network lab objectives can be documented in the same way.
What are the pre-requisites to complete the VHL Pro Lab?
A good starting point for completing the VHL Pro Lab is the regular and Advanced+ Certificate of Completion. After obtaining both certificates, we expect that the VHL Pro lab should be achievable.
What are the requirements for the Advanced+ 2 Certificate of Completion?
The requirements to obtain the Advanced+ 2 Certificate of Completion are:
– Achieve root/administrator/system access on at least 10 lab machines in the VHL Pro Lab;
– Complete all objectives for Network Lab 01 and Network Lab 02;
– Provide documentation showing the 10 completed pro lab machines;
– Provide documentation showing completion of all objectives for Network Lab 01 & Network Lab 02.
What is the difference between Hints and Leads & Objectives in the Pro lab?
The hints in the regular lab aim to nudge you in the right direction if you’re stuck at a particular machine. The Leads & Objectives are more focused on the learning objectives and point the student more in the right direction.
Why is the difficulty for some Pro Lab machines TBD?
Soon all lab machines in the pro lab will be rated with 1 to 5 stars to express the difficulty of each machine. The more stars listed in the difficulty, the more difficult the lab machine is. The difficulty of each machine is determined by the number of steps to be taken in the intended exploit path, the difficulty of the exploit steps and based on student feedback.
Will you update the VHL Pro Lab with new courseware and lab machines?
Yes, the lab environment will be regularly updated with new lab machines. We also plan to expand the courseware topics in the near future. The VHL network labs will also be updated regularly.
Support
Can I call your support desk?
We do not offer support over the phone but we are happy to answer all your questions e-mail. You can submit your support request on the contact page.
We will answer your support inquiries within 1 business day on week days. Support inquiries submitted during the weekend will be handled on Monday. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.
Do you have a student forum or Discord channel?
At this moment we do not have a student forum, IRC or Slack channel but there is an unofficial VHL Discord channel managed by VHL students which can be found here: https://discord.com/invite/bQfGnVQ
Do you offer support on the course?
The VHL Penetration Testing Course is a self-paced course and priced accordingly. We do not offer support for the courseware, lab machines or related course related subjects.
Do you supply walkthroughs for the lab machines?
No, we do not supply walkthroughs for the lab machines as we believe that troubleshooting problems and finding solutions yourself is an important part of the learning experience. We do provide hints for Beginner/Advanced machines to help you move forward in case you get stuck on a specific machine.
How can I contact the support desk?
Our technical and commercial support desk is available by using the contact form: https://www.virtualhackinglabs.com/contact/
We will answer your support queries within 1 business day but generally within a few hours. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.
Please note that we only offer technical and commercial sales support. The VHL Penetration Testing Course is a self paced course. We do not offer support for the courseware, lab machines or related course related subjects.
Should I contact support when I’m unable to connect to the VPN?
The most common problems that prevent you from connecting to the VPN network can be fixed by yourself. When you’re unable to connect to the VPN we ask you to check the following before contacting support:
- Does your virtual machine have internet access and is it able to resolve hostnames?
- If you VM doesn’t have a working network connection or is unable to resolve hostnames the VPN client will throw the following error: SSLVPN error: Cannot resolve FortiGate address error.
- Solution: The most common solution is to specify the correct network settings for the VM.
- Is a firewall preventing you from establishing connections on port 443?
- This is not very common but in very restricted network environments a firewall may prevent you from connecting to the lab network.
- Solution: Contact your network administrator or use a different network.
- Are you using the right credentials supplied when you purchased the access pass?
- When the credentials are incorrectly supplied to the VPN client it will throw an ‘insufficient credentials’ error.
- Solution: Enter the right, case sensitive, credentials. If you copy the credentials from your registration e-mail, make sure that you don’t accidentally copy any whitespace.
- Are you using the VHL VM with the VPN client pre-installed?
- The pre-installed VMs are configured and tested to get quick and easy access the VPN network. If you’re having trouble installing/using the VPN client to access the network please try one of the VHL VMs instead.
- Have you followed the instructions in the documentation?
Please note that we can only support/troubleshoot the pre-installed VHL virtual machines.
If you are unable to install the VPN client or access the labs on an existing installation, please download one of the VHL pre-installed virtual machines. The reason we do not troubleshoot existing installations is that there are far too many causes that can cause connections problems and may require extensive troubleshooting that is beyond the scope of our support desk to fix. We have ruled out these possible causes on the pre-installed VHL virtual machines.
If you are still unable to access the VPN network, please contact the support desk and supply the following information:
- VPN account name
- The output of the following commands:
- ifconfig -a
- route -n
- uname -a
We will answer your support queries within 1 business day. If you cannot submit your support request through the contact form, please sent it to our info e-mail address. Support queries submitted in the weekends will be handled on Monday. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.
When is the support desk available?
We will always try to reply to support requests as soon as possible. In general our support desk is available between 08:00 GMT and 18:00 GMT from Monday to Friday. There is no support desk available on weekend days. We will answer your support queries within 1 business day but generally within a few hours.
If you have not received a response from us within 1 business day please check your spam folder before submitting another support request.
Please note that the VHL Penetration Testing Course is a self paced course, we only provide technical and commercial sales support.
The labs
Are all VHL lab environments identical?
Yes, we have multiple lab environments and they are all identical. After signing up for a Virtual Hacking Labs membership you will be assigned to one of the labs depending on the current load and capacity.
Are your labs a copy of OSCP/Vulnhub?
No, our labs are not a copy of the famous OSCP labs or instances from Vulnhub machines.
All machines in the labs are custom made for the Virtual Hacking Labs and are not copied from elsewhere. The starting point for the development of the virtual machines was the course syllabus to ensure that most subjects from the courseware are addressed in the labs. Therefore all lab machines are designed in a way to contribute to a specific learning experience in combination with the courseware.
Can I pause my lab time?
When you sign up for an account to access the virtual hacking labs we reserve a slot for you in the labs with unlimited access for the period of time that you’ve signed up for. This slot contains reserved resources which are available for 24 hours a day and 7 days a week, even when you’re not logged in. For this reason we are unable to pause your access pass to the labs, refund unused access passes or credit unused lab time.
Do you think there is an exceptional reason for us to pause your Virtual Hacking Lab access? Did you purchase an unused access pass for at least one month? Then contact us with this reason as soon as possible using the contact form and we will get back to you as soon as possible. Please note that lab access from the start date to the date of sending the e-mail will never be credited. We do not offer refunds.
Invalid reasons are: Busy with study or work, holidays and any other reasons due to bad time management.
Can I use a Mobile connection to connect to the labs?
We recommend a stable and high speed internet connection such as broadband or higher, preferably wired. We do not recommend to use a mobile 3G/4G connection for the best lab experience.
Can I use your labs and materials in my training?
It is not permitted to use any of our training materials (lab machines included) in another training, whether offline or online, paid or free.
This includes, but is not limited to:
- Classroom training;
- Online training;
- Online and offline courses;
- (Student) Meet-ups and study groups;
- Blog posts and other online/offline publications.
Do the labs contain Windows machines?
Yes, the labs contain several Windows machines.
Do you supply walkthroughs for the lab machines?
No, we do not supply walkthroughs for the lab machines as we believe that troubleshooting problems and finding solutions yourself is an important part of the learning experience. We do provide hints for Beginner/Advanced machines to help you move forward in case you get stuck on a specific machine.
How can I reset a specific host?
Every host on the lab network can be reset to it’s original state from the reset panel. When you’re connected to the virtual hacking labs network the reset panel is available on the following locations:
Lab number | Reset panel address |
Lab 1 | http://10.11.10.10 |
Lab 2 | http://10.12.10.10 |
Lab 3 | http://10.13.10.10 |
Lab 4 | http://10.14.10.10 |
Lab 5 | http://10.15.10.10 |
Lab 6 | http://10.16.10.10 |
We request you to only reset a host when strictly necessary. Every host can be reset once every 15 minutes and every student can reset 1 host every 15 minutes.
How do I access the Virtual Hacking Labs?
The following video demonstrates how easy it is to access the Virtual Hacking Labs from Kali Linux 2017.1 and how to verify the connection:
Video: Accessing the Virtual Hacking Labs on Kali Linux 2017.1
How much time do I need to complete the labs?
In general this question is hard to answer as this totally depends on your professional and educational background, prior experience with penetration testing and the time available to spend on the labs. The virtual hacking labs contain over 30 vulnerable hosts in various degrees of difficulty. The easy hosts may take a small time to compromise and the hosts with a greater difficulty might take significantly more time to complete.
What are the internet speed requirements?
We recommend a minimum of 5 mbps download and 1 mbps upload speeds but more important is a stable internet connection that doesn’t drop. Therefore a we recommend a stable and high speed internet connection such as broadband or higher, try to avoid mobile 3G/4G connections for the best lab experience.
For the most stable VPN connection we also recommend to use a wired connection on your LAN instead of a wireless connection.
What do I need to access the virtual hacking labs?
We recommend a laptop or desktop computer with a stable internet connection that is capable of:
– Running a recent version of Windows, OSX or Linux.
– Running a virtual instance of Kali Linux in VMWare Player Free or Oracle VirtualBox.
We supply a VMware virtual machine pre-installed with a SSL VPN client that requires the following resources:
– A minimum of 15 GB disk space.
– A minimum of 1 GB RAM.
What if i’m stuck at a lab machine?
When you are stuck on a lab machine we recommend you to review the related parts of the courseware and try again. You can also have a look at the Lab Progress Panel that contain hints for the beginner and advanced machines. If you are still unable to compromise the specific host you can move on to another machine and come back to it later.
What if multiple students are working on one host?
It is possible that multiple students are working on 1 specific host. On some occasions this might interfere such as disconnecting another user when connecting through RDP for example. When you notice that your actions interfere with other students working on the same box, we kindly ask you to move on to another host and come back to it later.
When should I reset a host?
We recommend you to reset or revert a specific host to its original state before you attempt to compromise it. As the virtual hacking labs is shared with more students it is very possible that a compromised host is in a state where it cannot be compromised anymore. A root account might have had a password change or a vulnerable service might have crashed in the exploitation process.
These are all valid reasons to reset a specific host. Please keep in mind that the virtual hacking labs are shared hacking labs. For this reason we request you to only reset a host when strictly necessary. Every host can be reset once every 15 minutes and every student can reset 1 host every 15 minutes.
Where can I find the progress panel for the labs?
Your lab progress panel can be accessed here: Lab Dashboard
Where can I find the reset panel?
The location of the reset panel depends on the lab to which you are assigned to. Once connected to the Virtual Hacking Labs VPN you can find the reset panel available through a web browser using the appropriate IP address:
Lab | Reset Panel |
Lab 1 | http://10.11.10.10 |
Lab 2 | http://10.12.10.10 |
Lab 3 | http://10.13.10.10 |
Lab 4 | http://10.14.10.10 |
Lab 5 | http://10.15.10.10 |
Lab 6 | http://10.16.10.10 |
Why are the virtual hacking labs shared labs?
This is a good question! As you might know the virtual hacking labs contain a great number of virtual hosts. All these hosts together form one big hacking lab which requires a great deal of costly server resources such as processing power, memory and storage in RAID configurations to run smoothly. Not only server resources are required, also enterprise grade firewalls, switches and a lot of software licenses are needed. These servers and hardware need to be hosted in highly advanced datacentres charging for rack space, bandwidth, power and service contracts.
All together it is very costly to host these labs and making them available as shared labs for multiple students, it becomes affordable. We’re always trying to maintain the best user, host and cost ratio to make the labs available and affordable for a wide public.
Why is there a host on the reset panel that is not on the Lab dashboard?
New lab machines are added to the lab dashboard when they’re officially launched (check the news section and/or the knowledge base). Sometimes there can be a few days between the official launch date of a new machine and the day the machine is deployed in the labs and added to the reset panel.
Why should I purchase lab access at Virtual Hacking Labs? Some resources are free.
Another great question! There are a lot of great resources available for practicing penetration testing without any charge. Some of these resources are online and others come in the form of downloadable virtual machines to run on your local machine. We can and do recommend a lot of these great resources. The Virtual Hacking Labs can be seen as a valuable extension of these free resources. We would like to point out a few advantages over free resources offered at the Virtual Hacking Labs. At the Virtual Hacking Labs we want to provide you with directly accessible hacking labs at an affordable rate. Access to the Virtual Hacking Labs does not require any in-depth technical knowledge, setup time or expensive hardware that is capable of running multiple virtual machine instances at the same time. The labs are accessible through a preinstalled virtual machine and SSL VPN that only requires you to enter an IP/server address, username and password to connect. In theory you could be up and running within 15 minutes from purchasing an access pass and receiving your credentials.
As over 90% of the corporate networks is installed with the Windows operating system we do have a lot of vulnerable Windows hosts on the network. As all Windows operation systems are proprietary software they cannot be offered without charge. We took care of installing and licensing the Windows machines so you can focus on learning new penetration testing skills.
Last but not least; we are working with a small team to maintain the courseware and labs to keep them up to date with new techniques and recently discovered vulnerabilities. The vulnerable hosts are based on real-life scenarios as you would encounter on a real penetration test and real (company) networks with servers, clients, firewalls, NAS, mobile devices and other hardware. With a mixture of different operating systems, devices and applications we try to provide and maintain a rich educational experience.
Summarized the Virtual Hacking Labs offers:
- A beginner friendly Penetration Testing course with online labs starting at $99,-.
- Directly and easily accessible hacking labs at a very affordable rate.
- A membership model with transparent rates without one-time fees.
- A Lab Dashboard to track your progress in the labs and a personal reset interface.
- A full courseware book to prepare you for the challenges in the labs.
- Lots of vulnerable hosts as you would encounter on real penetration tests.
- Lots of vulnerable Windows hosts.
- Constantly evolving and updated labs and courseware.
Troubleshooting
I am connected to the VPN but cannot access the lab machines
When you’re connected to the VPN network you will have an IP address (verify with ifconfig, IP: 172.16.x.1/24) on the ppp0 network adapter and the VPN client says that the VPN Tunnel is running. In the following section we will list the most common issues and look at how to solve these issues. We kindly ask you to try these solutions before contacting the support desk:
- Make sure that you use the correct IP addresses to access the vulnerable hosts and the reset panel, hosts in other labs are not routable.
- Solution: Use the correct IP addresses as listed in the following courseware section: Lab subnets.
- Verify that the VPN client displays the following status: Tunnel running. If you’re on a unstable connection, such as a (public) WiFi network, you can experience more frequent disconnects and the tunnel goes down.
- Solution: If the status is ‘Tunnel down‘ stop the VPN connection and reconnect to the lab network.
- Solution: For unstable connections activate the ‘Keep connection alive until manually stopped’ option in the VPN client settings menu (or –keepalive in CLI) and reconnect to the network. This will not solve connections issues but will automatically reconnect you to the network when they happen.
- On a rare occasion the routing table can be flawed, this can be caused by disconnecting and reconnecting quickly a couple times. The routing table should contain routes to the vulnerable host subnet and the reset panel on the ppp0 interface. Use the following command to check your routing table on Linux:
route
- Solution: When you’re connected to the lab network and the routing table does not contain entries to the lab subnet and reset panel on the ppp0 interface we recommend to reboot your virtual machine. After rebooting you can connect to the network and verify that the correct routes are set.
- Solution: While rebooting your VM is usually the easiest way to fix this problem you can also add the routes manually using the following commands:
route add -net [lab subnet]/24 gw [VPN IP] ppp0 && route add [reset panel IP] gw [VPN IP] ppp0
- For lab 1 this would be:
route add -net 10.11.1.0/24 gw [VPN IP] ppp0 && route add -net 10.11.2.0/24 gw [VPN IP] ppp0 && route add -net 10.11.10.10 gw [VPN IP] ppp0
- Have you tested all of the above and you’re still not able to access the lab machines? Please contact our support desk.
Invalid certificate warning when connecting to the VPN
Because the FortiClient SSLVPN for Linux does not use the default OS truststore, but checks for trusted certificates in its own repository, you can get an ‘Invalid certificate warning’ when connecting to the Virtual Hacking Labs VPN. To avoid this you need to run the following three commands to add the CA certificates to the FortiClient trusted store:
mkdir ~/.fctsslvpn_trustca
cp /etc/ssl/certs/COMODO_RSA_Certification_Authority.pem ~/.fctsslvpn_trustca/
cp /etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem ~/.fctsslvpn_trustca/
Links
https://kb.fortinet.com/kb/viewContent.do?externalId=FD40440
Should I contact support when I’m unable to connect to the VPN?
The most common problems that prevent you from connecting to the VPN network can be fixed by yourself. When you’re unable to connect to the VPN we ask you to check the following before contacting support:
- Does your virtual machine have internet access and is it able to resolve hostnames?
- If you VM doesn’t have a working network connection or is unable to resolve hostnames the VPN client will throw the following error: SSLVPN error: Cannot resolve FortiGate address error.
- Solution: The most common solution is to specify the correct network settings for the VM.
- Is a firewall preventing you from establishing connections on port 443?
- This is not very common but in very restricted network environments a firewall may prevent you from connecting to the lab network.
- Solution: Contact your network administrator or use a different network.
- Are you using the right credentials supplied when you purchased the access pass?
- When the credentials are incorrectly supplied to the VPN client it will throw an ‘insufficient credentials’ error.
- Solution: Enter the right, case sensitive, credentials. If you copy the credentials from your registration e-mail, make sure that you don’t accidentally copy any whitespace.
- Are you using the VHL VM with the VPN client pre-installed?
- The pre-installed VMs are configured and tested to get quick and easy access the VPN network. If you’re having trouble installing/using the VPN client to access the network please try one of the VHL VMs instead.
- Have you followed the instructions in the documentation?
Please note that we can only support/troubleshoot the pre-installed VHL virtual machines.
If you are unable to install the VPN client or access the labs on an existing installation, please download one of the VHL pre-installed virtual machines. The reason we do not troubleshoot existing installations is that there are far too many causes that can cause connections problems and may require extensive troubleshooting that is beyond the scope of our support desk to fix. We have ruled out these possible causes on the pre-installed VHL virtual machines.
If you are still unable to access the VPN network, please contact the support desk and supply the following information:
- VPN account name
- The output of the following commands:
- ifconfig -a
- route -n
- uname -a
We will answer your support queries within 1 business day. If you cannot submit your support request through the contact form, please sent it to our info e-mail address. Support queries submitted in the weekends will be handled on Monday. If you have not received a response from us within 1 business day please check your spam folder before submitting the request again.
The apt update command fails with invalid signatures
This error occurs when Kali Linux has not been updated for a while causing the repository key being expired. You can fix this problem by running the following command:
wget -q -O - https://archive.kali.org/archive-key.asc | sudo apt-key add
What is my VPN IP address?
Your VPN IP address is on the ppp0 network adapter when you’re connected to the labs (172.16.x.x). You can find this IP address by connecting to the lab network and type the following command in a terminal: ifconfig
Why am I getting a 403 Forbidden error when I try to download a VM?
When you get a ‘403 Forbidden’ error after clicking the download link in your e-mail, start the download from your user panel here: Downloads. If you need additional downloads please contact our support department and we’ll add new downloads to your account.
Why am I getting a Start SSLVPN error: Cannot resolve Fortigate address error?
You’re trying to connect to the lab network with the Fortigate SSL VPN client and you’re getting this error when you press the connect button. This error says that the VPN client is unable to resolve the hostname for the labs which usually occurs when the virtual machine doesn’t have a working network connection. To solve this problem make sure that you:
- Have a working network connection on your VM;
- Have an IP address on your network set for the VM (Via DHCP, statically set or shared with the host using NAT settings for the VM);
- Are able to resolve hostnames.
If your VM has a working network/internet connection and you’re getting this error, please make sure that you’ve:
- Entered the right hostname;
- Specified correct DNS settings.
Why am I not able to access the reset panel?
To access the reset panel for your lab please make sure that you’re:
1. Connected to the VPN network.
2. Use the IP address that corresponds to the lab you’ve been assigned to. You can find more information about the reset panel locations for each lab in the following section of the courseware: Lab subnets
Why am I not able to ping the lab machines?
If you’re using ping to determine if a lab machine is up, please keep in mind that not all hosts respond to ping. If you want to check if you’re connected to the lab network by pinging a host, please make sure to ping different hosts or visit the reset panel in your lab.
Can’t ping any host or access the reset panel? Make sure that you ping hosts and access the reset panel in the right subnet that corresponds with the lab that you’re assigned to: Lab subnets
Why can’t I access the courseware/downloads/labs after finishing my order?
We have to manually review and approve your order at the Virtual Hacking Labs before you can access the online courseware, downloads and labs. In most cases your order will be approved and delivered within a couple hours after your order details and payment have been received and verified. In rare occasions it might take up to 24 hours to activate your lab access. On such occasions we will try to contact you as soon as possible with the expected starting date and time.
A delay in activation of your account will never impact the duration of the lab access.