Laboratory Setup Help (RS)

["Arturo \"Buanzo\" Busleiman" <buanzo () buanzo com ar>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=- To moderator -=
Moderator, my last post didn't go thru because you told me to search the
archives. I did that, and found a couple of results, but I kindly request
you to let this post pass, as my findings weren't exactly what I needed.
*please* :)
=- EOM

Hello world's pen-testers!

I was employeed last month by a company who wants to setup a Pen-Test
laboratory that I will lead. The environment would be an homogeneous
GNU/Linux network.

What I need is you to recommend versions of the following
packages/combinations: FTP, Apache/Cgi/MySQL, DNS, sendmail, etc

that are remotely exploitable for gaining shell access (or the possibility
to execute commands on the remote system), AND some local exploits to
acquire root privileges.

Of course, if you can lead me to specific documentation regarding the
exploits of those packages versions, I will greatly appreciate it and be
most thankful.

Thank you very much to all of you!

Arturo "Buanzo" Busleiman
- -=( RareGaZz-Team Member )=-
GNU/Linux USERS, MP Ediciones
GNU's es_AR Translation Team Leader
Moderador de Seguridad () alipso com
Turcin Soluciones Informaticas http://www.turcin.com.ar
http://www.buanzo.com.ar
PGP/GnuPG Public Key available at horowitz.surfnet.nl

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8WCjI+kypiSoPpFoRAorxAJ47A3y5H7PMeNDRg154XwHqznvNdwCfcTcA
4OvlZoAueBCUXWCCPTEwvTM=
=1Mku
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/