Welcome to the Course

We are glad to welcome you, and we’re happy you chose BreakinLabs Academy to sharpen your axe for pentesting!

Before you can begin, we would like to tell you some details on our labs and help you to get set up.
Please read this chapter carefully before you start.
Amongst other topics, you will learn how to download the VPN client, you will also learn how the reset portal and the dashboard work and what you can do, when you are stuck in a box.

We wish you a lot of success at the course and the labs. Have fun!

As already mentioned, we use Parrot OS as the operating system in this manual

After downloading Parros OS and installing VirtualBox, the downloaded “.ova “can be imported. To do this, we first click Import:

In the following window, we refer to the path with the deposited “.ova “from Parrot and confirm the proposed parameters.

After a few minutes, the virtual machine is ready and can be started by double-clicking on it.

Vio’la! The virtual machine is running and we can use it directly! The default login data is for both systems:
User: root
Pass: toor

Since both OS are available for download with a default password, we strongly recommend (!) to change the password at this point, since we cannot guarantee that you could not be attacked by another Lab user even in the Lab. This can be done using „sudo passwd <user>“ on the console. The command must be executed twice for newer versions of the operating systems mentioned, since the root account and the user account must be changed separately.
We have used a prepared virtual machine in this tutorial, which is often not up to date and should be updated as soon as possible. This can be done either by using the system update tool or the following bash command:

sudo apt-get update && sudo apt-get upgrade

by e-mail:

by account management:

The connection to the learning environment is established via VPN. We recommend the use of „openfortivpn“, which was published by adrienverge on Github.

Kali Linux

Installation from Source

 

1. Clone the Repository:
git clone https://github.com/adrienverge/openfortivpn

2. Install Dependencies:
sudo apt-get install gcc automake autoconf libssl-dev make pkg-config

3. Run Installation:
./autogen.sh
 ./configure --prefix=/usr/local --sysconfdir=/etc
 make
 sudo make install

4. Connect to the VPN-Server
sudo openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert 
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

Blackarch

Run all commands as root or with sudo

Installation via Repository

 

1. Installation via pacman
pacman -S openfortivpn
2. Connect to the VPN-Server
openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert 
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

Installation from Source

 

1. Install dependencies
pacman -S gcc automake autoconf openssl pkg-config
2. Clone the repository
git clone https://github.com/adrienverge/openfortivpn

3. Run Installation
./autogen.sh
./configure --prefix=/usr/local --sysconfdir=/etc
make
sudo make install
4. Connect to the VPN Server
sudo openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

 

Backbox

Installation via Repository

 

1. Install package via apt
sudo apt update
sudo apt install openfortivpn
2. Connect to the VPN-Server
sudo openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

Installation from Source

 

1. Clone the Repository:
git clone https://github.com/adrienverge/openfortivpn

2. Install Dependencies:
sudo apt-get install gcc automake autoconf libssl-dev make pkg-config

3. Run Installation:
./autogen.sh
 ./configure --prefix=/usr/local --sysconfdir=/etc
 make
 sudo make install

4. Connect to the VPN-Server
sudo openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert 
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

Parrot

Installation via Repository

 

1. Install package via apt
sudo apt update
sudo apt install openfortivpn
2. Connect to the VPN-Server
sudo openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert 
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

Installation from Source

 

1. Clone the Repository:
git clone https://github.com/adrienverge/openfortivpn

2. Install Dependencies:
sudo apt-get install gcc automake autoconf libssl-dev make pkg-config

3. Run Installation:
./autogen.sh
 ./configure --prefix=/usr/local --sysconfdir=/etc
 make
 sudo make install

4. Connect to the VPN-Server
sudo openfortivpn vpn01.breakinlabs.com -u <user> --trusted-cert 
8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

You can also automate the login with openfortivpn . The easiest way is to put the login data in the config file of openfortivpn. You can find this file under „/etc/openfortivpn/config“, and
it can be easily edited using nano.

Please add the data in your file as shown in the following screenshot:

For faster copying:

host = vpn01.breakinlabs.com
port = 443
username = <your username>
password = <your userpassword>
trusted-cert = 8fa8ef4130142ee11c3589df695a4108a131de76ff84cdbe61dde27d0192cabf

The last line is necessary because our HTTPS certificate, which is used for VPN encryption, is not in the local whitelist of your new Parrot or Kali installation. So that you don’t have to waste your time with a new certificate, we recommend you to add it via the config file.

In the future, only a short command will be required to establish the VPN connection:

sudo openfortivpn

The finished VPN connection is displayed as in the following screenshot. We have marked the place where you can already find your IP address in BreakinLabs Academy:

The following IP addresses are assigned in the respective portals:

Lab:
Lab1
User IP address:
10.1.1.0/24
Lab:
Lab2
User IP address:
10.2.2.0/24
Lab:
Lab3
User IP address:
10.3.3.0/24
Lab:
Lab4
User IP address:
10.4.4.0/24
resetportal hacking labs pentesting labs

It is not uncommon for a service or even a complete box to crash during a hacking attempt. It is also possible that the person who tried to break into the system before you left some files or even backdoors behind and did not remove them. For this reason, every box should be completely reset before your first scan. For this purpose, we have developed a reset portal that allows you to restore the hosts one by one to their original state. Additionally, the names, the IP addresses, the difficulties and the last reset time of the systems are displayed. For the login, you need the same login data as for the VPN.

A reset is possible every 15 minutes per box and user. The time limit applies because sometimes several people work on one host and this is for mutual respect.

 

In order to avoid overlapping, we provide four parallel labs. Every user gets assigned to one of them with the registration. Your login information only works for your lab, so be careful to follow the right IP address.

 

Get to the Reset Portal

To find the reset portal, you just need to use the following IP address:  

After that, use your Lab Access credentials from the
My Account page to log in to the reset portal.

Details

Besides the name, IP address and difficulty, you can also find out how many users managed to get into the hosts and how hard this was for them.

Track your Progress

 

You can track your own progress and unlock the boxes by entering the right hash key.

Hints

 

If you are stuck you have the possibility to buy hints for your coins.

How can I earn coins?

If you need additional coins, you can earn them by becoming active in our community. 

  1. Twitter: write a tweet about your experience at the Lab using the hashtags „#infosec“, „#itsec“, „#cybersecurity“ and the link to „breakinlabs.com/academy“. Pay special attention to the upper and lower case letters, as we automatically recognize the tweets and only in this way can we ensure that you will receive your coins. This action is possible once per 12 hours and secures you 100 coins.
  2. Discord: Write useful answers to other users’ questions on our Discord server and earn 100 coins
    after 2 „Thumbs-Up“.
  3. Blog: Write a blog entry about our website with at least 1000 characters and then send us the link to academy@breakinlabs.com. This will secure you a whole 1,000 coins!

We only provide a learning environment for improving IT security and therefore cannot be
held responsible for illegal uses of learned techniques. You are completely responsible for
your own actions and BreakinLabs Academy or its employees cannot be held liable for misuse.