Penetration Testing Lab
The Virtual Hacking Labs is a full penetration testing lab that is designed to learn the practical side of penetration testing in a safe environment. We provide an online lab environment where beginners can make their first step into penetration testing and where more experienced professionals can sharpen their skills. The labs contain real world scenarios with systems and devices that can be found on many company networks. On the lab network you will find vulnerable Windows, Linux and Android hosts, domain controllers, webservers, mail servers, firewalls, web applications and many more systems, services and applications. Every system in the labs is uniquely configured to contribute to a specific learning experience that involves one or more attack vectors.
We keep your knowledge and experience up-to-date by updating our labs with recently discovered vulnerabilities. The penetration testing labs follow a black box approach which means that little information is given about the hosts as if you were engaging on a real penetration test. Access to the Virtual Hacking Labs is provided by VPN connection that connects you to the lab network as if it is a real company network.
The courseware that is included with every lab access pass covers all phases of penetration testing, from enumeration to exploitation. By enumerating the lab machines you will learn how to gather information that can be used to identify vulnerabilities and finally to exploit the target machines. In the labs you will learn how to enumerate and exploit protocols such has FTP, SNMP & SMB. You will also learn how to exploit web applications that are vulnerable to Remote Code Execution, SQL injection, Local File Inclusion, Remote File inclusion and many other vulnerabilities. After getting an initial command line shell on an exploited target, you will have the opportunity to practice privilege escalation techniques to upgrade non-privileged shells to an administrator shell.
Access to the Virtual Hacking Labs is provided through a VPN client which connects you to the network as if it is a real company network. We provide several popular pre-configured penetration testing distributions such as Kali Linux and Parrot Security OS. Installing the penetration testing distribution of your choice is very easy and usually consists of a few clicks.
In the labs you will learn how to compromise Linux and Windows hosts, domain controllers, webservers, mail servers, development tools and many more systems, services and protocols. You will also encounter network devices such as firewalls, routers and NAS systems that are commonly used in both personal and enterprise settings. Every system is configured to contribute to a specific learning experience using one or more attack vectors. We are keeping the labs up-to-date with new machines and recently discovered vulnerabilities with high impact. This is how we want to keep your knowledge and experience up-to-date.
All vulnerable hosts have been designed by The Virtual Hacking Labs. The labs do not contain existing hosts from other resources.
Along with the lab access we provide written courseware that will teach you the basics of penetration testing and provide a solid foundation to successfully compromise the vulnerable hosts in the training labs. The courseware is written in a way that is easily understandable for anyone new to the field of penetration testing and ethical hacking. We start with the very basics of penetration testing such as port scanning and vulnerability identification and gradually increase the difficulty by covering more advanced subjects such as compiling exploit and privilege escalation techniques.
The training materials cover the following subjects:
- Information gathering
- DNS enumeration
- Service enumeration (SNMP, FTP, HTTP, SMB and a lot more)
- Port scanning
- Performing vulnerability assessments and vulnerability analysis
- Manual and automated vulnerability scanning
- Compiling Linux and Windows exploits
- How to work with exploits
- Web application hacking
- Privilege escalation techniques
- Password and hash attacks
- And many more subjects…
The training materials are also provided as a downloadable e-book for students purchasing a Month pass or greater.
The Virtual Hacking Labs reset panel can be used to reset hosts in the lab network back to their original state. Resetting a host is particularly useful when a host is left in a state where it is not vulnerable anymore. Resetting the host will give you a fresh start on the machine. Every student is allowed to reset hosts in the lab every 15 minutes through the reset panel. This guarantees an effective learning experience as designed without delays.
All students have access to a dedicated student panel that can be used to track your courseware and lab progress. This panel also provides information about the lab machines, including hints for anyone that’s stuck at a specific box. This way you can choose what your learning path will look like. Do you prefer a full black box approach and root all machines on your own or do you prefer a balance between theoretical and practical part of the course with some help along the way?
The hints are not direct solutions for the lab machines but they contain enough information to push you in the right direction. To keep the Virtual Hacking Labs challenging for everyone we only provide hints for the Beginner and Advanced machines. The Advanced+ hosts are the final challenge and are excluded from hints.
The Virtual Hacking Labs is designed for anyone that wants to learn and practice penetration testing in a safe virtual environment. Even if you have little or no experience in penetration testing, the Virtual Hacking Labs is a great place to start your ethical hacking journey. The provided courseware covers the basics of penetration testing and provides a solid foundation to become successful in the labs. The labs contain entry level vulnerable machines for beginners and more advanced machines for experienced penetration testers and those who finished the beginner level hosts.
For beginners there are no real prerequisites other than a general understanding of basic IT concepts and time and motivation to learn about ethical hacking. Anyone with basic knowledge of operating systems and networking can start to learn penetration testing in the Virtual Hacking Labs. The training materials will teach you everything you need to know to get you started in the labs, from the very basics of penetration testing to more advanced subjects.
Nevertheless basic knowledge about the following subjects is very useful:
- Basics usage of (Kali) Linux and Windows operating systems.
- General understanding of networking.
- Basic command line usage.
This is not a follow along course and to successfully compromise the lab machines a student also needs to research additional resources. New techniques and vulnerabilities are discovered on a daily basis which makes research a crucial part of the learning process to become a skilled ethical hacker.
Certificate of Completion
For those who managed to get root/administrator access on at least 20 lab machines can request a certificate of completion. This trophy consists of a PDF certificate with your name and a set of badges to use for social media such as LinkedIn. The VHL Certificate of Completion is included at no additional cost with a month pass and greater.
To be eligible for the VHL Certificate of Completion you need to:
- Get root/administrator access on at least 20 lab machines.
- Supply documentation of the exploited vulnerabilities.
- Supply screenshots proving that you rooted the lab machines.
- Supply the contents of key.txt files from the rooted lab machines.
The documentation should at least contain information about the exploited vulnerabilities, such as the CVE ID’s, used exploits and screenshots of the exploitation process. The screenshots should contain at least the following information: Lab machine IP, your IP and the used commands (command line, URL’s, requests etc.). For privilege escalation also include screenshots with the output of the id/whoami/getuid command before and after executing the exploit.
Completing the penetration testing course may qualify you for 40 (ISC)² CPE and EC Council credit hours. The Certificate of Completion can be used as proof for completing the course.
After submitting the documentation to info @ virtualhackinglabs.com we will manually verify the information and check the authenticity of the screenshots. Be sure to include your student ID and full name to display on the Certificate of Completion in the documentation. Also use the e-mail address you have signed up with to the Virtual Hacking Labs. When the supplied documentation and screenshots have been approved we will send the Certificate of Completion as soon as possible.
We recommend a laptop or desktop computer with internet access and capable of:
- Running a recent version of Windows, OSX or Linux.
- Running a virtual instance of Kali Linux in VMWare Player Free or Oracle VirtualBox.
Virtual Hacking Labs supplies Virtual Machine images with a pre-installed SSL VPN client. These images generally require the following resources:
- A minimum of 15 GB disk space
- A minimum of 1 GB RAM
- A stable internet connection
Lab Access Passes
The lab access is purchased for a certain amount of time. This subscription based pricing model based allows you to decide how much you want to spend on the course starting as low as $99,- for 1 month.
|Options||Week pass||Month pass||Year pass|
|Full Lab Access||Yes||Yes||Yes|
|Full Online Courseware||Yes||Yes||Yes|
|Certificate of Completion||No||Yes||Yes|
|Personal Reset Interface||Yes||Yes||Yes|
|Advanced progress tracking||Yes||Yes||Yes|