Anyone aspiring to get into penetration testing/hacking either recreationally or professionally will realize rather quickly that they need something to practice on. Everyone, solves the what to practice with equation as soon as they see their friend using backtrack or watch a tutorial video on an attack. However, if you're interested in doing more than breaking your neighbors WEP key and telling your friends how l33t you are; you need a penetration testing lab that allows you to explore how deep the rabbit hole goes. This is where purpose built vulnerable Linux distributions, unpatched windows OS's, and web applications come into play. Currently, I run my penetration testing lab on virtual box. I use virtual box's internal network feature to keep my vulnerable virtual machines off of the web so I'm not vulnerable to the same kind of attacks I'm practicing. I run metasploitable, metasploitable 2.0, windows xp sp3 with mutillidae 2.1.20, Owasp broken web apps, and a few different flavors of Linux.
Setting up your own network is as easy as downloading. I will provide some links at the end of this post to get you started. All you have to do is follow virtual box's tutorial on setting up your DHCP server, install the virtual machines, configure the network connections to the internal network, and start hacking.
Addendum:
I would like to get a hold of a virtual machine with windows xp sp2, but so far that has been difficult. The virtual machine that I run right now came on a VDI and I have been unable to roll it back to SP2. Acquiring said machine would unlock an entire range of exploits to practice that are currently unavailable to me.
Metasploitable 2.0 comes with mutillidae, however, the version that it operates is 2.1.19 and doesn't seem to be vulnerable to the attacks that it should be vulnerable. Ironically this makes it broke. Hence my xp machine with mutillidae 2.1.20 which works perfectly fine.
Relevant links:
http://updates.metasploit.com/data/Metasploitable.zip.torrent
http://pirateproxy.net/torrent/7351991/Metasploitable_Linux_2.0.0
https://www.virtualbox.org/wiki/Downloads
I'll leave it to your imagination where you can aquire windows xp.
--------
Additional Vulnerable Boxes I have been unable to get to work myself:
http://www.linux23.com/torrent/damn-vulnerable-linux-1-5:03171b19d9be4de01746e73e73781334a60df848
http://code.google.com/p/hacktooldepot/downloads/list
I have had a lot of difficulty with these boxes and so far I have not been able to get them to install properly. Not for lack of trying on my part, but the DVL machine resists the fdisk process like a fat kid avoids the rope climb in gym class. The Ultimate Lamp machine, I don't even know where to get started on why that one is broke. Ultimate Lamp appears to install properly, but I cannot get anything on it to work. It is beyond my skills and patience at this point in time. If anyone could point me in the direction of a clean download for Ultimate lamp I would greatly appreciate it.
Setting up your own network is as easy as downloading. I will provide some links at the end of this post to get you started. All you have to do is follow virtual box's tutorial on setting up your DHCP server, install the virtual machines, configure the network connections to the internal network, and start hacking.
Addendum:
I would like to get a hold of a virtual machine with windows xp sp2, but so far that has been difficult. The virtual machine that I run right now came on a VDI and I have been unable to roll it back to SP2. Acquiring said machine would unlock an entire range of exploits to practice that are currently unavailable to me.
Metasploitable 2.0 comes with mutillidae, however, the version that it operates is 2.1.19 and doesn't seem to be vulnerable to the attacks that it should be vulnerable. Ironically this makes it broke. Hence my xp machine with mutillidae 2.1.20 which works perfectly fine.
Relevant links:
http://updates.metasploit.com/data/Metasploitable.zip.torrent
http://pirateproxy.net/torrent/7351991/Metasploitable_Linux_2.0.0
https://www.virtualbox.org/wiki/Downloads
I'll leave it to your imagination where you can aquire windows xp.
--------
Additional Vulnerable Boxes I have been unable to get to work myself:
http://www.linux23.com/torrent/damn-vulnerable-linux-1-5:03171b19d9be4de01746e73e73781334a60df848
http://code.google.com/p/hacktooldepot/downloads/list
I have had a lot of difficulty with these boxes and so far I have not been able to get them to install properly. Not for lack of trying on my part, but the DVL machine resists the fdisk process like a fat kid avoids the rope climb in gym class. The Ultimate Lamp machine, I don't even know where to get started on why that one is broke. Ultimate Lamp appears to install properly, but I cannot get anything on it to work. It is beyond my skills and patience at this point in time. If anyone could point me in the direction of a clean download for Ultimate lamp I would greatly appreciate it.
No comments:
Post a Comment