Duration

Duration

Monday to Friday
11 am to 7 pm

Eligibility

Eligibility

N/A

Course Fees

Lab Fees

Rs.100/day
Rs.2000/month

What is penetration Testing Lab?

Most of the Ethical Hackers/IT Security professionals wants to practice or test their hacking and pentest skills. But sadly there is no Penetration Testing lab that is available to test. At Indian School of ethical Hacking we have designed a unique penetration testing lab which consists of a number of Systems connected over the same network, which are inherently vulnerable. There are multiple Linux machines, Windows machines as well as a Mac OSX Yosemite machine.

Access to the Penetration Testing Lab is provided by means of a PPTP VPN Connection. The simplest way to do this is to create a new VPN Connection from the Windows Network Settings option and use the following details:

To access your Penetration Testing Lab:
  • VPN Type: PPTP (not needed on Windows)
  • Pass all traffic: Disabled (not needed on Windows)
  • Encryption Type: Maximum (not needed on Windows)
  • Server Name: isoeh-nptlab.ddns.net
  • Username and password to be provided upon enrolment
Enroll Now!
What's in the Penetration Testing(PT) Lab?

Our PT Lab contains a huge variety of machines running different OSes, custom made vulnerable Operating Systems and different sets of patches and services.

OS including:

  • Windows Server 2000
  • Windows Server 2003
  • Windows Server 2008
  • Windows XP (non SP)
  • Windows XP SP3
  • Windows XP SP2 x64
  • Windows 7
  • Windows 8
  • Ubuntu 5.04
  • Ubuntu 11.04
  • Ubuntu 12.04
  • CentOS
  • OpenBSD
  • Debian 7

Services and other Miscellaneous features:

  • SMBv1 and SMBv2 (Multiple vulnerable versions)
  • smbd
  • FTP (vulnerable versions, back-doored versions and anon credentials)
  • SSH (Bruteforce-able credentials)
  • Telnet (Can be bruteforced)
  • RDP
  • RPC
  • Vulnerable and older Linux kernels
  • BWApp and other custom built vulnerable web-applications which can be used to root/shell the server
  • Vulnerable VPN Server
  • Heartbleed and Shellshock vulnerable machines
  • System containing vulnerable versions of various tools such as VLC, MS Office, Adobe Reader and many others, for shell-dropping

Vulnerabilities and Permitted Tools:

Since this is a custom built vulnerable framework, it has many ways for the user to gain access by exploiting and daisy-chaining a number of vulnerabilities. Not all of them are straight-forward or implement a single vulnerability. Also information collected about the network in general will almost always help you pwn the other machines in the NPT Lab network. Some common vulnerabilities in the NPT Lab network include:

  • CVE-2013-2718
  • CVE-2013-2719
  • CVE-2013-2720
  • CVE-2013-2721
  • CVE-2013-2723
  • CVE-2013-2725
  • CVE-2013-2726
  • CVE-2013-2731
  • CVE-2013-2732
  • CVE-2013-2734
  • CVE-2013-2735
  • CVE-2013-2736
  • CVE-2013-3337
  • CVE-2013-3338
  • CVE-2013-3339
  • CVE-2013-3340
  • CVE-2013-3341
  • CVE-2008-4250
  • CVE-2009-2532
  • CVE-2008-4834
  • CVE-2008-4835
  • CVE-2008-4114
  • and many others

Most tools are permitted inside the NPT Lab, except for ARP Poisoning Tools or DOS Exploits. If such an attack is detected, your VPN Account will automatically be locked for a duration of 1 hour or more. Also keep in mind there are others using the lab, and keeping your own exploit or files installed on a target machine will not be very helpful for their personal usage. Also the VMs are reset everyday at 10am and no changes are saved. Permitted tools include:

  • Vulnerability Scanners
  • Network Scanners
  • Metasploit/Armitage
  • Nmap and port scanners

 

Enroll Now

Fields marked with * are mandatory.

Workshop Seminar Newspaper Internet Facebook Others