skip to content W3C SVG

Setting up the workspace for Hacking Lab

Muhammad Akbar
Feb 22, 2013
Buy Me a Coffee

Give me six hours to chop down a tree and I will spend the first four sharpening the axe.
(Abraham Lincoln)

Get an account at hacking-lab.com. You will need it later. Afterwards, there are two main steps for getting started.

Setting up Backtrack

The first thing to do is to setup a working environment with significant tools to get started. Although Hacking-Lab.com provides a Live-CD, I prefer to use Backtrack as I already have a working virtual appliance for VirtualBox.

Note: There are a ton of resources on the Internet to get one started on Backtrack if you don’t already have one. Start here at the wiki

Setting up VPN connection to the remote security lab

With a working virtual operating system in place, let’s connect to the remote lab for exploitation. First of all, go get the server certificate at http://media.hacking-lab.com/largefiles/livecd/openvpn-config/backtrack/hlca.crt. There is a python based vpn client available, however it didn’t work out of the box for me. I slightly modified it and created my own version.

#!/usr/bin/python

###############################################################
# Hacking Lab Python based OpenVpn Client (modified)          #
# Modified for https://blog.secursive.com/tags/hacking-lab/). #
# Only required files are: this client and the hlca.crt file. #
# credit for original: Zy0d0x                                 #
###############################################################

try:
  import getpass
  import pexpect
  import shutil
  import time
  import os
except ImportError:
  pass
  
def config():
  print '\n[+]Writing Configuration File'
  file=open("/tmp/config.ovpn", "w")
  file.write("client \n")
  file.write("dev tun \n")
  file.write("proto tcp \n")
  file.write("remote 212.254.246.102 443 \n")
  file.write("ns-cert-type server \n")
  file.write("resolv-retry infinite \n")
  file.write("nobind \n")
  file.write("persist-key \n")
  file.write("persist-tun \n")
  file.write("ca hlca.crt \n")
  file.write("auth-user-pass \n")
  file.write("auth-nocache \n")
  file.write("verb 1")
  file.close()
  
def resolvconfhl():
  print '\n[+]Writing Resolv.conf'
  conf=open("/tmp/resolv.conf", "w")
  conf.write("domain hacking-lab.com \n")
  conf.write("search hacking-lab.com \n")
  conf.write("nameserver 192.168.200.203")
  conf.close()
  
def clean():
  print'\n[+]Cleaning Up Left Over Files'
  os.remove('/tmp/config.ovpn')
  os.remove('/tmp/resolv.conf')
  os.remove('/tmp/resolv.conf.ori')
  time.sleep(1)
  print'\n[-]Exiting Commandline Client'
   


try:
   if os.geteuid() != 0:
    print 'Hacking-Lab Commandline Client Is Not Running As Root, Please Re-run Client As A Root User...\n'
    sys.exit(1)
   else:
    print'''

  #   #                      #          
  #   #   ##  ####  #  # # #  #  ####    #     ##   #####  
  #   #  #  #  #  # #   #  # ##   # #  #     #    #  #  #  #
  ####### #  # #    ####   # # #  # #    ##### #     #  # #####  
  #   # ###### #    #  #   # #  # # #  ###     #     ###### #  #
  #   # #  # #  # #   #  # #   ## #  #     #     #  # #  #
  #   # #  #  ####  #  # # #  #  ####    ####### #  # #####
  '''  
    username = raw_input('\nPlease Enter You Hacking Lab Email Address:')
    if username == '':
       print '\n\n[-]No Username Entered'
    else:
       password=getpass.getpass('Password: ') 
       if password == '':
        print '\n\n[-]No Password Entered'
       else:
       config()
          resolvconfhl()
          shutil.copy('/etc/resolv.conf', '/tmp/resolv.conf.ori')
          shutil.copy('/tmp/resolv.conf', '/etc/resolv.conf')
          execute=pexpect.spawn('openvpn /tmp/config.ovpn')
          execute.expect('Enter Auth Username:')
          execute.sendline(username)
          execute.expect('Enter Auth Password:')
          execute.sendline(password)
          execute.expect('Initialization Sequence Completed')
          print'\n[+]Connected, Press Ctrl-C To Exit Client'
          execute.interact()
          shutil.copy('/tmp/resolv.conf.ori', '/etc/resolv.conf')
          clean()
         
except KeyboardInterrupt:
  print '''\n\n[-]Exiting Hacking Lab Client...'''

Save this python client as hacking-lab-vpn.py, make it executable (chmod +x hacking-lab-vpn.py) and execute it in a shell (as root user). Provide your hacking-lab.com email and password to the client and voila, you are connected to the remote security lab.

To make sure that you have gained proper access, fire up Firefox, turn off any network proxy settings, and open up http://glocken.hacking-lab.com in the browser. If you are able to access the website, congratulations! You can now solve the Top Ten OWASP challenges (Find them here: http://www.hacking-lab.com/caselist/).

References

  1. Hacking Lab, https://www.hacking-lab.com/Remote_Sec_Lab/
  2. Hacking Lab Live CD, https://www.hacking-lab.com/Remote_Sec_Lab/livecd.html
  3. BackTrack, https://www.backtrack-linux.org
  4. BackTrack Wiki, https://www.backtrack-linux.org/wiki/index.php/Main_Page
Please take a moment to share this post: Twitter, LinkedIn. Buy Me a Coffee. Thank you!