Getting Started

Welcome to the Course

We are glad to welcome you, and we’re happy you chose BreakinLabs Academy to sharpen your axe for pentesting!

Before you can begin, we would like to tell you some details on our labs and help you to get set up.
Please read this chapter carefully before you start.
Amongst other topics, you will learn how to download the VPN client, you will also learn how the reset portal and the dashboard work and what you can do, when you are stuck in a box.

We wish you a lot of success at the course and the labs. Have fun!

How the lab works

BreakinLabs Academy consists of a number of different hosts (also called boxes), which are divided into several subnets and simulate a fictitious company. Your system has access to the outermost subnet after logging into the VPN. You can imagine this as if you had successfully installed a Trojan on one of the employees’ computers. It is now your goal to attack the other machines on the network and steal a virtual flag located in the user/root or administrator directories, just like in a CTF (Capture the Flag) challenge.

You will be automatically assigned by our system to the exercise environment with the lowest population. In this way, we try to ensure that you can work as trouble-free as possible in the shared environment. Depending on the assigned environment, their IP address differs slightly from each other. The current IP address can be found on the website under Lab-Access.

At the moment the following addresses are available:

In the following window, we refer to the path with the deposited “.ova “from Parrot and confirm the proposed parameters.

After a few minutes, the virtual machine is ready and can be started by double-clicking on it.

Vio’la! The virtual machine is running and we can use it directly! The default login data is for both systems:
User: root
Pass: toor

Since both OS are available for download with a default password, we strongly recommend (!) to change the password at this point, since we cannot guarantee that you could not be attacked by another Lab user even in the Lab. This can be done using „sudo passwd <user>“ on the console. The command must be executed twice for newer versions of the operating systems mentioned, since the root account and the user account must be changed separately.
We have used a prepared virtual machine in this tutorial, which is often not up to date and should be updated as soon as possible. This can be done either by using the system update tool or the following bash command:

Box difficulties

We currently offer boxes in 3 different difficulty levels:

Easy:

These are systems in which the privileged account is often accessed directly via exploit. The exploits are kept simple and the systems are ideal for beginners.

Medium:

Systems in the Medium category are somewhat heavier than the Easy Boxes and have 2 to 3 levels to get through. For example, they must first take over a web application, then advance into a user account, and finally reach the privileges of an administrator or root. Exploits have to be adapted regularly to make them work.

Hard:

The boxes of Hard difficulty are difficult systems that require extensive knowledge and partially use defenses against exploits. These systems represent our king class and correspond to systems that you would encounter in a penetration test. They require you to significantly customize exploits, write new exploits, break cryptographic methods, and bang your head. Remember: Bang your head against the wall until you break through the wall!

Reset Portal 

It is not uncommon for a service or even a complete box to crash during a hacking attempt. It is also possible that the person who tried to break into the system before you left some files or even backdoors behind and did not remove them. For this reason, every box should be completely reset before your first scan. For this purpose, we have developed a reset portal that allows you to restore the hosts one by one to their original state. Additionally, the names, the IP addresses, the difficulties and the last reset time of the systems are displayed. For the login, you need the same login data as for the VPN.

A reset is possible every 15 minutes per box and user. The time limit applies because sometimes several people work on one host and this is for mutual respect.

Restriction and Rules

• BreakinLabs Academy is a shared network environment that requires the implementation of certain rules and behaviors.
• The provided infrastructure (entry firewall as well as reset portals) must not be atta- cked or the availability hindered.
• Any attacks on other users are prohibited.
• ARP poisoning and man-in-the-middle attacks on users are prohibited.
• All systems should be reset after the attack. All unnecessary changes to the hosts should be refrained from.
• Any illegal, inappropriate and abusive use of the website as well as the contents of BreakinLabs Academy are prohibited.
• Users are responsible for their username and password. The access data may not be shared and are not transferable.
• The Nettiqiette is to be observed (http://www.albion.com/netiquette/corerules.html). Insults, racist remarks and bullying on the platform are prohibited.
• Solutions, challenges and the structure of the hosts or the network may not be disclosed.
• Users are liable for all costs caused by the user’s conduct that would not otherwise be incurred or damages incurred by them as a result of improper use or non-compliance with these Terms of Use.

Hints:

• Use a strong password for your exploit system.
• Do not leave vulnerable files in your web directory.
• Make regular backups of your system in case of unexpected problems.

Legal Information:

Remember that all hacking techniques presented in the Lab and course material are illegal unless you use them against targets for which you have permission in a penetration test or from your employer. Be aware that when attacking services hosted by a third party, you are also assuming permission from the
third party. We recommend not to use the learned knowledge in an illegal way!

We only provide a learning environment for improving IT security and therefore cannot be
held responsible for illegal uses of learned techniques. You are completely responsible for
your own actions and BreakinLabs Academy or its employees cannot be held liable for misuse.

Certificates

Your efforts in the lab should of course be rewarded, which is why we currently offer two different certificates (Basic and Advanced). You can use these certificates to prove your knowledge in the area of penetretration tests and hacking and also use credit points at ISC2, EC-Council, ISACA and Co. For each certificate you will receive 40 CPE (ISC2 and ISACA) or 40 ECE for EC-Council after the corresponding submission.

The following tasks must be adhered to for all certificates:

1. Document the procedure of hacking the box in a professional penetration test report. There is a template at Lab_Report_basic_new.pdf.
2. The documentation must include a screenshot of the hostname, current user, local.txt and proof.txt, and IP address.
3. The user flags are located in the user directory (/home//local.txt) or in the web directory (/var/www/html/local.txt or /opt/tomcat/local.txt) or in the Windows directory (C:\Users\\Desktop\local.txt). The root flags are always located in the root directory (/root/proof.txt) or on the administrator’s desktop (C:\Users\Administrator\Desktop\proof.txt) under Windows. To display the flag, you can use the cat command on Linux and the type command on Windows.
4. When applying for multiple certificates for a user, hosts may not be submitted twice. Each host may only appear once in total in all documentation for a user.
5. Beginner boxes (Metasploitable, etc.) do not count towards the requirements of the certificates. The following tasks must be fulfilled specifically for the respective certificate:

Basic Certificate 

• Obtain the flags of the user and roots/admin accounts on 20 easy- and medium-boxes Advanced Certificate

Advanced Certificate

• Obtain the flags of the user and root/admin accounts on 20 medium and 5 hard boxes. 
• 10 systems have to be hacked manually (i.e. without auto-exploiting tools like Metasploit or SQLMap).

Then send us your finished documentation to: academy@breakinlabs.com.

An Expert certificate will be released in the course of 2021. This will include a time-dependent component in a dedicated lab.

Discord

For the exchange with other people in BreakinLabs Academy, we have created our own Discord server. Here you can talk about different attack techniques, networking topics, career topics and offtopic. We regularly start giveaways where you can win coins, subscription extensions or voucher codes. We recommend you to register on our server, because you can make much faster progress that way.

Use this direct link to the server: https://discord.gg/DrgUdXDFsG

Where is the best place to start?

In the previous chapters we showed you how to prepare your virtual machine and connect to BreakinLabs Academy. If you don’t have any knowledge of hacking, we recommend that you first go through the learning material to get a rough idea of the possibilities. The lab is designed according to the black box principle, which you will regularly encounter during penetration tests. You have to work through all the steps of a penetration test in each box and try to penetrate it. If you get stuck, you can either use our hints or try another box and return to the box later. For the beginning, we recommend to start with the easy boxes. Of course, if you already have hacking experience, you can get started right away in the Labs and use these materials for reference if you get stuck.