Penetration Testing Lab
The Virtual Hacking Labs is a full penetration testing lab that is designed to learn the practical side of vulnerability assessments and penetration testing in a safe environment. We provide an online lab environment where beginners can make their first step into penetration testing and more experienced professionals can sharpen their pentesting skills. The online hacking labs contain real-world scenarios with systems and devices that can be found on most company networks. You will find vulnerable Windows, Linux and Android hosts, webservers, mail servers, firewalls, web applications and many more systems, services and applications. Every system in the labs is uniquely configured to contribute to a specific learning experience that involves one or more attack vectors.
We keep your knowledge and experience up-to-date by updating our labs with recently discovered vulnerabilities. The penetration testing labs follow a black box approach which means that little information is given about the hosts as if you were engaged on a real penetration test. Access to the Virtual Hacking Labs is provided by a VPN connection that connects you to the lab network as if it is a real company network.
The courseware that is included with every lab access pass covers all phases of the penetration testing process, from information gathering to vulnerability identification and exploitation. By enumerating the lab machines you will learn how to gather the information needed to identify vulnerabilities and finally to exploit the target machines. In the labs you will learn how to enumerate and exploit protocols such has FTP, SNMP & SMB. You will also learn how to exploit web applications that are vulnerable to Remote Code Execution, SQL injection, Local File Inclusion, Remote File inclusion and many other vulnerabilities. After getting an initial command line shell on an exploited target, you will have the opportunity to practice privilege escalation techniques to upgrade from a non-privileged user shell to an administrator shell.
Lab Access
Access to the Virtual Hacking Labs is provided through a VPN client that connects your penetration testing machine to the online lab network. We provide several pre-configured penetration testing machines, such as Kali Linux and Parrot Security OS, that get you ready to connect to the online labs in no-time.
Vulnerable hosts
The online lab consists of 50 custom vulnerable by design machines ready to be exploited. In the labs you will learn how to compromise Linux and Windows hosts, webservers, mail servers, development tools and many more systems, services and protocols. You will also encounter network devices such as firewalls, routers and NAS systems that are commonly used in both personal and enterprise settings. Every system is configured to contribute to a specific learning experience using one or more attack vectors. We are keeping the labs up-to-date with new machines and recently discovered vulnerabilities with high impact. This is how we want to keep your knowledge and experience up-to-date.
All vulnerable hosts have been designed by The Virtual Hacking Labs. The labs do not contain existing hosts from other resources.
Training Materials
Along with the lab access we provide written courseware that will teach you the basics of penetration testing and provide a solid foundation to successfully compromise the vulnerable hosts in the online labs. The courseware covers many subjects such as port scanning, vulnerability assessments and exploitation techniques. Starting with the basics and gradually increasing the difficulty by covering more advanced subjects such as exploit compilation and privilege escalation techniques. Every section of the courseware starts with basic theory followed by a practical demonstration of the subject. The courseware is written in a beginner-friendly way that is easily understandable for anyone new to the field of penetration testing and ethical hacking.
The training materials cover the following subjects:
- Information gathering
- Vulnerability assessments and analysis
- DNS enumeration
- Service enumeration (SNMP, FTP, HTTP, SMB and a lot more)
- Port scanning
- Manual and automated vulnerability scanning
- Compiling Linux and Windows exploits
- How to work with exploits
- Web application hacking (SQL injection, Remote code Execution, local file inclusion, file upload vulnerabilities etc.)
- Privilege escalation techniques on Windows and Linux
- Password and hash attacks
- Metasploit
- And many more subjects…
The training materials are also provided as a downloadable e-book for students purchasing a Month pass or greater.
Reset Panel
The Virtual Hacking Labs reset panel can be used to reset hosts in the lab network back to their original state. Resetting a host is particularly useful when a host is left in a state where it is not vulnerable anymore. Resetting the host will give you a fresh start on the machine. Every student is allowed to reset hosts in the lab every 5 minutes through the reset panel. This guarantees an effective learning experience as designed without delays.
Lab Dashboard
All students have access to a dedicated lab dashboard that can be used to track your courseware and lab progress. This panel also provides information about the lab machines, including hints in case you get stuck at a specific lab machine. This way you can choose what your learning path at the Virtual Hacking Labs will look like. Do you prefer a full black box approach and root all machines on your own? Or do you prefer a balance between the theoretical and practical part of the course with some help along the way?
The hints are not direct solutions for the lab machines but they contain enough information to push you in the right direction. To keep the Virtual Hacking Labs challenging for everyone we only provide hints for the Beginner and Advanced machines. The Advanced+ hosts are the final challenge and are excluded from hints.
Target Audience
The Virtual Hacking Labs is designed for anyone that wants to learn and practice penetration testing in a safe virtual environment. Even if you have little or no experience in penetration testing, the Virtual Hacking Labs is a great place to start your ethical hacking journey. The provided courseware covers the basics of penetration testing and provides a solid foundation to become successful in the labs. The labs contain entry-level vulnerable machines for beginners and more advanced machines for experienced penetration testers and those who finished the beginner level hosts. We provide a challenging and dynamic environment for beginners looking to practice penetration testing online, experts that want to sharpen their penetration testing skills and also for Certified Ethical Hackers looking for online practice labs in addition to the theoretical part of the CEH course.
For beginners there are a few small prerequisites which consist of a general understanding of basic IT concepts, general understanding of operating systems and time and motivation to learn about penetration testing. Anyone with basic knowledge of these subjects and the motivation to learn, can start to learn penetration testing in the Virtual Hacking Labs. The training materials will teach you everything you need to know to get you started in the labs, from the very basics of penetration testing to more advanced subjects.
Nevertheless basic knowledge about the following subjects is very useful:
- Basics usage of (Kali) Linux and Windows operating systems.
- General understanding of networking.
- Basic command line usage.
- Being able to setup and work with a Virtual Machine.
Curious what others have to say about The Virtual Hacking Labs? Check out our review page!
Certificate of Completion
If you get root/administrator access on at least 20 lab machines (Beginner or Advanced) and provide documentary proof of that achievement, you can apply for the VHL Certificate of Completion. If you manage root/administrator access on at least 10 Advanced+ machines (and exploiting at least two vulnerabilities without using any automated tools or publicly available scripts), then you are entitled to apply for the VHL Advanced+ Certificate of Completion. Certificates of Completion come in the form of a personalized PDF and sent by email.
The VHL Certificate of Completion is included at no additional cost with a month pass and greater.
To be eligible for the VHL Certificate of Completion you need to:
- Get root/administrator access on at least 20 lab machines.
- Supply documentation of the exploited vulnerabilities.
- Supply screenshots proving that you rooted the lab machines.
- Supply the contents of key.txt files from the rooted lab machines.
To be eligible for the VHL Advanced+ Certificate of Completion you must:
- Achieve root/administrator/system access on at least 10 Advanced+ lab machines.
- Successfully perform manual exploitation of at least two vulnerabilities on any two of the lab machines (i.e. without resorting to automated tools such as Metasploit or using publicly available scripts). The chosen vulnerabilities should be exploited before with publicly available exploits or Metasploit in order to qualify;
- Provide documentation showing how all the vulnerabilities on all 10 lab machines were exploited, do not include (compiled) exploits with your documentation;
- Include screenshots proving that you rooted the lab machines;
- Supply the contents of key.txt files from the rooted lab machines.
The documentation should at least contain information about the exploited vulnerabilities, such as the CVE ID’s, used exploits and screenshots of the exploitation process. The screenshots should contain at least the following information: Lab machine IP, your IP and the used commands (command line, URL’s, requests etc.). For privilege escalation also include screenshots with the output of the id/whoami/getuid command before and after executing the exploit.
Completing the penetration testing course may qualify you for 40 (ISC)² CPE and EC Council credit hours. The Certificate of Completion can be used as proof for completing the course.
After submitting the documentation to info @ virtualhackinglabs.com we will manually verify the information and check the authenticity of the screenshots. Be sure to include your student ID and full name to display on the Certificate of Completion in the documentation. Also use the e-mail address you have signed up with to the Virtual Hacking Labs. When the supplied documentation and screenshots have been approved we will send the Certificate of Completion as soon as possible.
System Requirements
We recommend a laptop or desktop computer with internet access that is capable of:
- Running a recent version of Windows, OSX or Linux.
- Running a virtual instance of Kali Linux in VMWare Player Free or Oracle VirtualBox.
The Virtual Hacking Labs provides virtual machine images with a pre-installed SSL VPN client. These images generally require the following resources:
- An intel based CPU (not Mac M1)
- A minimum of 20 GB disk space
- A minimum of 1 GB RAM (2-4GB recommended)
- A stable internet connection (Broadband, preferably wired and not mobile)
Lab Access Passes
The lab access is purchased for a certain amount of time. This subscription-based pricing model based allows you to decide how much you want to spend on the course starting as low as $99,- for 1 month.
Options | Week pass | Month pass | Year pass |
Full Lab Access | Yes | Yes | Yes |
Days | 7 | 31 | 365 |
Full Online Courseware | Yes | Yes | Yes |
Certificate of Completion | No | Yes | Yes |
Personal Reset Interface | Yes | Yes | Yes |
Advanced progress tracking | Yes | Yes | Yes |
Download courseware | No | Yes | Yes |
E-book | No | Yes | Yes |
* KALI LINUX ™ is a trademark of Offensive Security.