Why do we have to use OpenVPN and not have boxes public facing?

So, I get it’s probably better to have everything segregated into one private network, but can’t the boxes be public facing? Why not make it easier and just make it public facing to have a more ‘real’ approach? I know it’s not hard to download an OpenVPN client but just wondered. Am I being stupid and missing something? You can segregate it through AWS EC2 VPCs the same, right?

I am not hating, as having internal IPs makes it cleaner. Just wondering why we do it through a VPN?

Oh, and surely it’s not for encryption, as it’s hacking a deliberately vulnerable system.

@bens said:
Just wondering why we do it through a VPN?

You don’t need your remote server to get your reverse shell. This is the greatest feature of all time :wink:

Three reasons I can think of are the following:

  1. If the machines were public then everyone, even non-HTB members, would be able to access them and even abuse them (e.g. DoS etc…)

  2. If we didn’t use a VPN client then it would be much more difficult (e.g. port forwarding demanded etc…) to handle the connection of a reverse shell or a Metasploit exploit.

  3. In case anyone didn’t use a VPN or a proxy, then his real IP address would probably (through the exploit used) be exposed publicly to the other members that would be on the target machine at the same time.

@game0ver said:
Three reasons I can think of are the following:

  1. If the machines were public then everyone, even non-HTB members, would be able to access them and even abuse them (e.g. DoS etc…)

  2. If we didn’t use a VPN client then it would be much more difficult (e.g. port forwarding demanded etc…) to handle the connection of a reverse shell or a Metasploit exploit.

  3. In case anyone didn’t use a VPN or a proxy, then his real IP address would probably (through the exploit used) be exposed publicly to the other members that would be on the target machine at the same time.

Yeah, I had an idea in which you could segregate many copies of the box on one system, but it makes it way more difficult.

Thank you for your feedback. That’s the answer I was looking for.

In some countries the use of the tools and exploits is monitored by ISPs and highlighted as a Terms of Use violation.

@game0ver said:
Three reasons I can think of are the following:

  1. If the machines were public then everyone, even non-HTB members, would be able to access them and even abuse them (e.g. DoS etc…)

  2. If we didn’t use a VPN client then it would be much more difficult (e.g. port forwarding demanded etc…) to handle the connection of a reverse shell or a Metasploit exploit.

  3. In case anyone didn’t use a VPN or a proxy, then his real IP address would probably (through the exploit used) be exposed publicly to the other members that would be on the target machine at the same time.

Another aspect, I think, is that this is an environment for people to learn and explore, and accidentally mistyping an IP can have very unfortunate consequences.

Additionally, it’s tricky enough sometimes trying to cohab with other people on the same box at the same time sometimes with people modifying source files, requesting resets and changing access credentials, let alone opening these boxes up to the web where anyone else could also get on these boxes.

@game0ver said:
Three reasons I can think of are the following:

  1. If the machines were public then everyone, even non-HTB members, would be able to access them and even abuse them (e.g. DoS etc…)

  2. If we didn’t use a VPN client then it would be much more difficult (e.g. port forwarding demanded etc…) to handle the connection of a reverse shell or a Metasploit exploit.

  3. In case anyone didn’t use a VPN or a proxy, then his real IP address would probably (through the exploit used) be exposed publicly to the other members that would be on the target machine at the same time.

Yeah, the port forwarding alone would turn off multiple users to the challenges.