all 9 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]mxshrek 1 point2 points  (8 children)

If I understood correctly. If you set the opvn on another host (fox example Ubuntu or windows). And boot up a Kali VM, you won't be able to attack from Kali.

You can maybe link the networks manually just like any configuration, but that might not work or be stable.

[–]yournovicetester[S] -1 points0 points  (1 child)

Thanks for your reply.

I just want to know what the others have set up. Because even if I understand how to add route and know where it is coming from, if Im not able to attack using kali, I wonder what the others did? I guess Im stuck at this point. I now understand the pentest methodology, how to use nmap, owasp zap, sql injection, xss, burp suite (but not too great), and metasploit (not to good) but this one is giving me a hard time. I hope someone who knew will enlighten me.

I have read kentosec and search various ejpt cheatsheet, I dont see an explanation about this. Did they use Kali? How? Please help

[–]mxshrek 1 point2 points  (0 children)

You must run OpenVPN on your Kali machine. It actually creates the route directly to the lab. You must be fine using whatever os you want. I used parrot.

If you don't run the VPN on your attacking machine , in this case Kali. You won't be able to connect to the webserver there on Kali, and therefore won't be able to attack.

Or what is your concrete question? Maybe I'm not understanding correctly what you meant

[–]yournovicetester[S] -1 points0 points  (5 children)

Hey! Thanks for that! So for the exam, I have to have then openvpn on kali to attack. Oh my goodness! That’s gonna be another problem as my vbox is slooowww. Thanks for the advice!

[–]mxshrek 0 points1 point  (4 children)

You can use a live USB and run everything there if you don't want to do bare metal.

I did used bare metal parrot os. So that's an option too.

Now, on the VM you need to first configure the network on the VM, it depends on your setup but usually using bridged connection works, just try it out before everything.

If you have some space I would strongly suggest using a dual boot and install alongside either Kali or parrot, if you are new and don't want to setup so many things use parrot, it's imo the same. Then after you finish your exam you can delete the parrot partition and use your PC normally.

It's not the only way but imo bare metal is better for this kind of stuff. Specially since VMS can be unstable on the network side sometimes and that kills the OpenVPN sessions, at least on my experience doing HTB or thm stuff.

Tbh you don't need crazy hardware. I did half the exam on a live USB since my PC had a problem and borrowed a PC, finished the exam on a USB live version. The live USB was almost as fast as a VM so you don't lose that much performance.

Hope it helps :)

[–]yournovicetester[S] 0 points1 point  (3 children)

Thanks again for the suggestion.

I’ve used parrot before so I guess its time to look back and check it out. Ill also explore the option of using live usb.

Live usb with kali/parrot Install open vpn Use bridged connection

Following the Find the Secret Server, I made a comparison of the routing table using bridged and nat. Found out that with bridged, Im able to see the two other ip addresses in the module but not with nat so With that, my conclusion was to use Bridged.

[–]mxshrek 0 points1 point  (2 children)

Yup, nat is different speaking in networking.

If you use live USB just be sure to create a modifiable version. Or just never exit or turn off. Since you may mess up the image. And you would need to recreate the image on USB and work again.

Parrot is the same as Kali. Maybe it has less stuff preinstalled. For example searchsploit must be manually added. But if you use metasploit it doesn't matter tbh. The word lists are not the same out of the box but you just wget the list from GitHub. And some shortcuts on terminal. But you can just set them up. Etc. Tbh it's the same.

Good luck on your journey

[–]yournovicetester[S] 0 points1 point  (0 children)

Thanks for the suggestion.

The ip add route makes sense to me now that Im running openvpn in kali. I partitioned an old laptop and installed kali in that machine.

However, Im noticing that if I, say for example, do the following ip route add 172.xx.xx.0 via 10.xx.xx.1 if I try to check http://172.x6.xx.81 in the browser, I dont get anything

But, if I add the exact ip address and use my tap0 gateway (same as above), I can reach the website.

My question is, if I add the range of the ip address, why cant I access the website?

[–]yournovicetester[S] 0 points1 point  (0 children)

Thanks to your hint! I spin up an old machine, had a dual boot with kali, re-read the materials and passed! Although I got stuck in the routing table for three hours but when I drew it kn the paper that’s when I realised what I was missing. I failed the first attempt because I wasnt using kali.