Having issues again today with the CHTP labs

secureckb Member Posts: 63 ■■■□□□□□□□
Not sure if anyone is having issues....
same issues like last time
tried to connect to 2 different labs and same..

getting a little frustrating...

I just bought the OSCP voucher today so I'm wondering should I pause the CTHP and pivot to the OSCP?

Comments

  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Was using the THP labs a few minutes ago. Check the logs, what errors are you getting now? 
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (in progress), DF210, DF310
    Certs: AZ-500, SC-200 (fail 1st attempt), EnCE, Splunk Core Power User (obtained), Splunk Enterprise Sys Admin
  • secureckb Member Posts: 63 ■■■□□□□□□□
    Hi
    this is the output:
    p 18 00:04:33 2020 Windows version 10.0 (Windows 10 or greater) 64bit
    Fri Sep 18 00:04:33 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
    Fri Sep 18 00:04:36 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]68.233.248.243:37305
    Fri Sep 18 00:04:36 2020 Attempting to establish TCP connection with [AF_INET]68.233.248.243:37305 [nonblock]
    Fri Sep 18 00:06:36 2020 TCP: connect to [AF_INET]68.233.248.243:37305 failed: Unknown error
    Fri Sep 18 00:06:36 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
    Fri Sep 18 00:06:41 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]68.233.248.243:37305
    Fri Sep 18 00:06:41 2020 UDP link local (bound): [AF_INET][undef]:1194
    Fri Sep 18 00:06:41 2020 UDP link remote: [AF_INET]68.233.248.243:37305


    (*****************

    it was working fine this morning and early evening and now it has issues...
  • secureckb Member Posts: 63 ■■■□□□□□□□
    Hi chrisone or anyone
    can you send me your config file so I can diff?
    thanks

    I tried 4.6--->4.9 and it fails
  • secureckb Member Posts: 63 ■■■□□□□□□□
    this is what I have done:

    2.4.9 version:

    1). edited the config file: added: cipher AES-256-CBC
    2). Started openvpn: iles\OpenVPN\bin>openvpn --cipher AES-256-CBC --config C:\Digital\Hunting_with_IOCs_2694.ovpn
    Fri Sep 18 09:37:22 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020
    Fri Sep 18 09:37:22 2020 Windows version 6.2 (Windows 8 or greater) 64bit
    Fri Sep 18 09:37:22 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
    Enter Auth Username:jeffgo888
    Enter Auth Password:
    Fri Sep 18 09:37:28 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]162.254.145.243:42477
    Fri Sep 18 09:37:28 2020 Attempting to establish TCP connection with [AF_INET]162.254.145.243:42477 [nonblock]
    Fri Sep 18 09:39:28 2020 TCP: connect to [AF_INET]162.254.145.243:42477 failed: Unknown error
    Fri Sep 18 09:39:28 2020 SIGUSR1[connection failed(soft),init_instance] received, process restarting
    Fri Sep 18 09:39:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]162.254.145.243:42477
    Fri Sep 18 09:39:33 2020 UDP link local (bound): [AF_INET][undef]:1194
    Fri Sep 18 09:39:33 2020 UDP link remote: [AF_INET]162.254.145.243:42477



  • yoba222 Senior Member Member Posts: 1,230 ■■■■■■■■□□
    OSCP lab time is expensive and I'd pause the other. 90 days = $800, that's $8.88 per day!
    A+, Network+, CCNA, LFCS,
    Security+, eJPT, CySA+, PenTest+,
    Cisco CyberOps, GCIH, VHL,
    In progress: OSCP
  • secureckb Member Posts: 63 ■■■□□□□□□□
    @yoba222
    so you're recommending pausing THP for now? I tend to agree...I'm sorry. I don't wanna sound preeny but I have tried pretty much everything and I should be spending this time learning in Labs instead of fixing this and the support from eLearn...they respond maybe ONCE a day
  • secureckb Member Posts: 63 ■■■□□□□□□□
    I'm planning to do the HTB and VHL probably now and start and then start the OSCP...got the voucher already so I can start anytime. This experience so far with eLearn is...
  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Have you downloaded the newer openvpn file for your lab? if not reset it and download a new openvpn profile. 

    [email protected]:~/Sync/elearnsecurity/thpv2/ovpn_files# openvpn Hunting_with_Splunk_Lab_1_2712.ovpn 
    Thu Sep 17 21:34:13 2020 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May  2 2020
    Thu Sep 17 21:34:13 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
     Enter Auth Username: 
     Enter Auth Password:               
    Thu Sep 17 21:34:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]68.233.248.243:36090
    Thu Sep 17 21:34:17 2020 Attempting to establish TCP connection with [AF_INET]68.233.248.243:36090 [nonblock]
    Thu Sep 17 21:34:18 2020 TCP connection established with [AF_INET]68.233.248.243:36090
    Thu Sep 17 21:34:18 2020 TCP_CLIENT link local: (not bound)
    Thu Sep 17 21:34:18 2020 TCP_CLIENT link remote: [AF_INET]68.233.248.243:36090
    Thu Sep 17 21:34:19 2020 [Hera Openvpn Cluster] Peer Connection Initiated with [AF_INET]68.233.248.243:36090
    Thu Sep 17 21:34:20 2020 TUN/TAP device tap0 opened
    Thu Sep 17 21:34:20 2020 /sbin/ip link set dev tap0 up mtu 1500
    Thu Sep 17 21:34:20 2020 /sbin/ip addr add dev tap0 172.16.84.10/24 broadcast 172.16.84.255
    Thu Sep 17 21:34:20 2020 Initialization Sequence Completed
    Thu Sep 17 22:01:36 2020 Connection reset, restarting [0]
    [email protected]:~/Sync/elearnsecurity/thpv2/ovpn_files# openvpn Hunting_with_Splunk_Lab_2_2713.ovpn 

    Thu Sep 17 22:13:25 2020 OpenVPN 2.4.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May  2 2020
    Thu Sep 17 22:13:25 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
     Enter Auth Username: 
     Enter Auth Password:              
    Thu Sep 17 22:13:30 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.46.22.139:41245
    Thu Sep 17 22:13:30 2020 Attempting to establish TCP connection with [AF_INET]69.46.22.139:41245 [nonblock]
    Thu Sep 17 22:13:31 2020 TCP connection established with [AF_INET]69.46.22.139:41245
    Thu Sep 17 22:13:31 2020 TCP_CLIENT link local: (not bound)
    Thu Sep 17 22:13:31 2020 TCP_CLIENT link remote: [AF_INET]69.46.22.139:41245
    Thu Sep 17 22:13:31 2020 [Hera Openvpn Cluster] Peer Connection Initiated with [AF_INET]69.46.22.139:41245
    Thu Sep 17 22:13:33 2020 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Thu Sep 17 22:13:33 2020 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
    Thu Sep 17 22:13:33 2020 TUN/TAP device tap0 opened
    Thu Sep 17 22:13:33 2020 /sbin/ip link set dev tap0 up mtu 1500
    Thu Sep 17 22:13:33 2020 /sbin/ip addr add dev tap0 172.16.84.10/24 broadcast 172.16.84.255
    Thu Sep 17 22:13:33 2020 Initialization Sequence Completed

    By the way Kali linux already comes preloaded with Openvpn, are you installing a certain version? I have never needed to "install" openvpn on kali. 
  • secureckb Member Posts: 63 ■■■□□□□□□□
    Hi sir
    i tried with the 2 betas and also the 2.4.6 until the 9 version 
  • secureckb Member Posts: 63 ■■■□□□□□□□
    openvpn.exe --data-ciphers BF-CBC --config C:\Digital\Hunting_Web_Shells_Part_2_2699.ovpn
    2020-09-18 12:59:50 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (BF-CBC). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2020-09-18 12:59:50 OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020
    2020-09-18 12:59:50 Windows version 10.0 (Windows 10 or greater) 64bit
    2020-09-18 12:59:50 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
    Enter Auth Username:jeffgo888
    Enter Auth Password:
    2020-09-18 12:59:56 TCP/UDP: Preserving recently used remote address: [AF_INET]68.233.248.243:37305
    2020-09-18 12:59:56 Attempting to establish TCP connection with [AF_INET]68.233.248.243:37305 [nonblock]
    2020-09-18 13:00:22 SIGTERM[hard,init_instance] received, process exiting

    C:\Program Files\OpenVPN\bin>
    C:\Program Files\OpenVPN\bin>
    C:\Program Files\OpenVPN\bin>
    C:\Program Files\OpenVPN\bin>
    C:\Program Files\OpenVPN\bin>openvpn.exe  --config C:\Digital\Hunting_Web_Shells_Part_2_2699.ovpn
    2020-09-18 13:00:28 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
    2020-09-18 13:00:28 OpenVPN 2.5_beta4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 11 2020
    2020-09-18 13:00:28 Windows version 10.0 (Windows 10 or greater) 64bit
    2020-09-18 13:00:28 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
    Enter Auth Username:jeffgo888
    Enter Auth Password:
    2020-09-18 13:00:33 TCP/UDP: Preserving recently used remote address: [AF_INET]68.233.248.243:37305
    2020-09-18 13:00:33 Attempting to establish TCP connection with [AF_INET]68.233.248.243:37305 [nonblock]
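
The client logs posted above stop at different stages: some never get past the TCP connect, while the working ones reach "Initialization Sequence Completed" and carry the 64-bit block cipher warning. As an added example (not code from any poster or from OpenVPN), this Python sketch reports the furthest stage a client log reached; the sample lines are constructed in the thread's log format with documentation addresses, and `triage` and its stage names are this example's own.

```python
import re

# Constructed sample lines in the OpenVPN 2.4 client log format (203.0.113.x is a documentation range).
FAILED = """\
Fri Sep 18 00:04:36 2020 Attempting to establish TCP connection with [AF_INET]203.0.113.10:37305 [nonblock]
Fri Sep 18 00:06:36 2020 TCP: connect to [AF_INET]203.0.113.10:37305 failed: Unknown error
"""
WORKING = """\
Thu Sep 17 22:13:30 2020 Attempting to establish TCP connection with [AF_INET]203.0.113.20:41245 [nonblock]
Thu Sep 17 22:13:31 2020 TCP connection established with [AF_INET]203.0.113.20:41245
Thu Sep 17 22:13:33 2020 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.
Thu Sep 17 22:13:33 2020 Initialization Sequence Completed
"""

CLOCK = re.compile(r"\b(\d\d):(\d\d):(\d\d)\b")  # matches both timestamp styles seen in the thread
ENDPOINT = re.compile(r"\[AF_INET\]([\d.]+:\d+)")
WEAK = "64-bit block cipher on the data channel (SWEET32 warning)"
NO_TCP = "TCP session never opened, so TLS and cipher negotiation did not start"

def _seconds(line):
    m = CLOCK.search(line)
    return None if m is None else int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3])

def triage(log_text):
    """Report the furthest stage the client reached and the findings relevant to it."""
    out = {"stage": "no-attempt", "endpoint": None, "connect_wait_s": None, "findings": []}
    started = None
    for line in log_text.splitlines():
        if "Attempting to establish TCP connection" in line:
            m = ENDPOINT.search(line)
            out.update(stage="tcp-pending", endpoint=m[1] if m else None)
            started = _seconds(line)
        elif "TCP: connect to" in line and "failed" in line:
            out["stage"] = "tcp-failed"
            ended = _seconds(line)
            if started is not None and ended is not None:
                out["connect_wait_s"] = (ended - started) % 86400  # tolerate a midnight rollover
        elif "TCP connection established" in line:
            out["stage"] = "tcp-connected"
        elif "Initialization Sequence Completed" in line:
            out["stage"] = "tunnel-up"
        elif "INSECURE cipher with block size less than 128 bit" in line and WEAK not in out["findings"]:
            out["findings"].append(WEAK)
    if out["stage"] in ("tcp-pending", "tcp-failed"):
        out["findings"].append(NO_TCP)
    return out

if __name__ == "__main__":
    print(triage(FAILED), triage(WORKING), sep="\n")
```

A result of `tcp-failed` or `tcp-pending` means the problem sits below TLS, so `--cipher` and `--data-ciphers` settings cannot affect it.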



  • secureckb Member Posts: 63 ■■■□□□□□□□
    RESOLVED! Changed VPN client to Viscosity....and I'm up and running now
  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Nice work! Why are you using Windows? sorry if you already explained yourself in the other post. 
  • secureckb Member Posts: 63 ■■■□□□□□□□
    Hi sir Chrisone: My laptops are Windows and my Virtualboxes are Kali ofc.... I'm open to suggestions and the Lab is RDP Windows on the THP ones.
  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Windows or Linux for THP is fine. Yeah all labs are RDP into windows machines. 

  • secureckb Member Posts: 63 ■■■□□□□□□□
    I’m digging into the IOC lessons and reviewing back the web shells as well. It’s amazing what you can learn and everyone reading needs to know that you gotta research too lol. 
  • yoba222 Senior Member Member Posts: 1,230 ■■■■■■■■□□
    edited September 2020
    secureckb said:
    I'm planning to do the HTB and VHL probably now and start and then start the OSCP...got the voucher already so I can start anytime. This experience so far with eLearn is...
    Ahh okay I didn't realize you hadn't started PWK yet. You can't really pause the PWK (or VHL) once it starts, but since eLearn is by the hour, you can do that at your own pace. Though this seems to be kind of a curse, because then people procrastinate and then drag out finishing the eLearn course for a year or two.

    As far as order to do them all, I don't know how CHTP would fit in because I've never done it and only exposed to eJPT. But the order VHL then OSCP I think is very good as I've experienced both firsthand. I'd even skip HTB altogether and go right into VHL because they teach a methodology and the course is only a couple of hundred pages.

    I should add: I wouldn't do two courses simultaneously and instead stick to one -- course material during the week and labs on the weekend I've found to be a good balance too.
  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    To add to what @yoba222 mentioned. 

    THPv2, VHL, OSCP, exam retakes, you are looking at a minimum 12-16 months of work here. Depending on your level of experience I could see 8-12 months is doable. Not that you have indicated, but just a friendly reminder to not tackle these simultaneously. 

    You will experience failure on your journey. Don't get frustrated and give up. The path you choose is difficult.
    • THPv2 is difficult (not entry level) from a blue team perspective.
    • VHL is entry-mid level difficulty (Very difficult if you have zero pentesting experience).  
    • PWK 2020 is mid level difficulty (this is not CEH or eJPT). 
    If you are very experienced in pentesting and looking to knock these certs out in 1 month each. Why even waste your time, should have jumped straight into XDS, OSCE, PTXv2, SANS GXPN, Pentester Academy PACES, or take Corelan's  exploit dev courses. 

    Good luck on your journey. 
  • secureckb Member Posts: 63 ■■■□□□□□□□
    Hi @yoba222
    yes I agree 1000% with you. for OSCP PWK, I only paid for the voucher..haven't started the course yet. Yes my plan is complete the THP, then take the exam and then go right to PWK OSCP... by holidays everything slows down so I will have time..:) BTW... interesting post on elearn IHRP program...lots of complaints about the content.
  • secureckb Member Posts: 63 ■■■□□□□□□□
    Hi Chrisone sir
    I'm putting in the work for sure and don’t mean to belittle each one and I’m so glad in your experience you rated each one course so that makes me feel better that I can tackle now and grade my comfort level
    Thank you
  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Cool, how much lab access do you have for PWK and did you get PWK2020 course materials? Sorry I was a little confused on the statement about just purchasing a voucher. 
  • secureckb Member Posts: 63 ■■■□□□□□□□
    I bought 60 days lab so basically you pay for the voucher and when you're ready you redeem it for the course and then you start and yes sir, I bought the entire course for $1200 or so
  • chrisone Senior Member Member Posts: 2,217 ■■■■■■■■■□
    Very cool! After you are done with THP, your plan for VHL to PWK is nice and will transition very well. You got this buddy! 
  • secureckb Member Posts: 63 ■■■□□□□□□□
    thank you sir.....one step at a time ....no quarters given..