Re: a "good" vulnerability for educational purposes

["Jorge L. Vazquez" <jlvazquez825 () gmail com>]

Kelly Keeton wrote:
> Also there are Live Cd's with things your looking for...
>
> http://de-ice.net/
> http://www.damnvulnerablelinux.org/
>
> no so but some...
>
> http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project
>
>
> On Mon, Aug 18, 2008 at 12:07 PM, Andre Amorim <decouk () gmail com> wrote:
>   
> > Dear Trajce,
> > My suggestion is ...
> > Download some old softwares with bugs.
> > https://www.securinfos.info/old_softwares_vulnerable.php
> >
> > then use metasploit to exploit it.
> > Also there is a nice intro tutorial here showing how to write a
> > exploit with metasploit framework.
> > http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit
> >
> >
> > All the best,
> > Andre Amorim
> > GnuPG KEY: 2048R/3E10FF47
> > Download:
> > http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E10FF47
> >
> > 2008/8/18  <dimkovtrajce () yahoo com>:
> >     
> > > Hi,
> > >
> > > Our goal is to teach master students in computer security in pen testing remote servers.
> > >
> > > As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is 
> > > recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit 
> > > the vulnerability.
> > >
> > > I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements 
> > > above.
> > >
> > > Can you point me to any "good" vulnerability for this purpose?
> > >
> > >
> > >
> > > Regards,
> > > Trajce
> > >
> > >
> > > ------------------------------------------------------------------------
> > > This list is sponsored by: Cenzic
> > >
> > > Top 5 Common Mistakes in
> > > Securing Web Applications
> > > Get 45 Min Video and PPT Slides
> > >
> > > www.cenzic.com/landing/securityfocus/hackinar
> > > ------------------------------------------------------------------------
> > >       
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Top 5 Common Mistakes in
> > Securing Web Applications
> > Get 45 Min Video and PPT Slides
> >
> > www.cenzic.com/landing/securityfocus/hackinar
> > ------------------------------------------------------------------------
> >
> >
> >     
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Top 5 Common Mistakes in 
> Securing Web Applications
> Get 45 Min Video and PPT Slides
>
> www.cenzic.com/landing/securityfocus/hackinar
> ------------------------------------------------------------------------
>
>
>   
like someone suggested here de-ice live cd is a good platform to do
pentesting, my personal opinion I would install an old version of
windows server like windows 2000 server (unpatched--no SP's)as it
resembles what you would find in a live production environment, and
install as many services/applications as you want (IIS, ftp, telnet,
etc...) and that could be the setup for the target, as far as what to
use for pentesting, you could take a look at backtrack, knoppix-std....
and if you put all this in a vmware even better, after you bring the
server to its knees all you got to do is revert to snapshot, and you got
your brand new server ready to be destroyed again...

just my two cents.

thanks

Jorge L. Vazquez
MCSE, CCNA, A+
www.pctechtips.org


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------