Starting Point is our newest box collection aimed at preparing new user in the penetration testing career path to tackle the most common up-to-date configuration issues an auditor might find during a security assessment.
It’s split into two halves, one available to all users where the other is restricted to VIP members only.
These would be the blue tickets, as pictured below:
Once you switch servers, you will need to download the resulting .ovpn pack from the Starting Point server you are assigned to.
If you get lost in this process, don’t worry. Starting Point has a tutorial wizard for all new members which you can navigate through the step-by-step process of selecting a VPN server, scanning and enumeration, getting the initial foothold, privilege escalation and post exploitation.
If you experience any issues with your VPN connection, please check out the article below:
To follow the step-by-step user guide to configuring and accessing your Starting Point lab, you can navigate directly to the respective link, skipping the VPN configuration on the Access page.
You will be met with the first page of the wizard.
On the next page is the promised VPN Connection guide. Here you can select the server closest to your geolocation and proceed with generating and downloading your Starting Point connection pack (.ovpn file), which you will use with the preinstalled openVPN script on your Kali Linux / ParrotOS (or whichever Linux flavour you prefer).
The following pages are self-explanatory. They will walk you, in detail, through the needed steps to complete the first box. Once you are done with this wizard, you can click on the Hide Tutorial button and continue with the rest of the box line-up.
Take a note that this lab aims to be approachable by newer users while at the same time providing a higher level of realism and logical connection between each box.
Once you reach the user.txt and root.txt flags for one box, note that you’re not done yet! You still have some hidden credentials that will help you for the next box in the line-up.
These credentials are placed in semi-typical places where you might find important information in a real life scenario as well.