Simulating an External Penetration Test in a Virtualised Environment

Teaching core principles of penetration testing requires practical environments to exercise basic enumeration, exploitation and pivoting techniques. AllEndEvent is a fictitious virtual company that has been designed for that purpose. Based on VirtualBox or KVM, students can attack a simulated external company surface, move laterally to compromise a second server and even pivot into an internal network.

The provided files contain the necessary items to import the environment in VirtualBox and KVM respectively. It consists of three virtual machines and two networks that are isolated from the host system. The import is straight forward for both hypervisors and does not require any custom configuration.

In order to start attacking the network, the attacker VM should be placed in the external network (VirtualBox creates it on import, for KVM the network will be imported from XML) and be assigned a static IP of 10.0.5.10/24. Using snapshots is recommended.

Below is a list with root credentials for any sort of troubleshooting. Beware that the keyboard layout is set to QWERTZ by default.

# MailAllendevent (VirtualBox) | Mail (KVM):
root:il34BzzwaByy6cj2AwQG

# Allendevent (VirtualBox) | Web (KVM):
root:1H4t3MyJ0bL00lJustK1dd1ng!

# WikiAllendevent (VirtualBox) | Wiki (KVM):
root:JGEs4ecxDMJGeNLE2hE9

A writeup for the challenge has been published here.

IMPORTANT: The virtual machines provided here are intentionally left vulnerable to exploitation. Do NOT deploy them anywhere outside of a dedicated and isolated lab.