Penetration Testing mailing list archives
Re: a "good" vulnerability for educational purposes
From: "Kelly Keeton" <kellyrkeeton () gmail com>
Date: Mon, 18 Aug 2008 13:55:27 -0700
Also there are Live Cd's with things your looking for... http://de-ice.net/ http://www.damnvulnerablelinux.org/ no so but some... http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project On Mon, Aug 18, 2008 at 12:07 PM, Andre Amorim <decouk () gmail com> wrote:
Dear Trajce, My suggestion is ... Download some old softwares with bugs. https://www.securinfos.info/old_softwares_vulnerable.php then use metasploit to exploit it. Also there is a nice intro tutorial here showing how to write a exploit with metasploit framework. http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit All the best, Andre Amorim GnuPG KEY: 2048R/3E10FF47 Download: http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E10FF47 2008/8/18 <dimkovtrajce () yahoo com>:Hi, Our goal is to teach master students in computer security in pen testing remote servers. As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the vulnerability. I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above. Can you point me to any "good" vulnerability for this purpose? Regards, Trajce ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- a "good" vulnerability for educational purposes dimkovtrajce (Aug 18)
- Re: a "good" vulnerability for educational purposes Andre Amorim (Aug 18)
- Re: a "good" vulnerability for educational purposes Kelly Keeton (Aug 18)
- Re: a "good" vulnerability for educational purposes Jorge L. Vazquez (Aug 19)
- Re: a "good" vulnerability for educational purposes eldraco (Aug 25)
- Re: a "good" vulnerability for educational purposes Kelly Keeton (Aug 18)
- <Possible follow-ups>
- Re: a "good" vulnerability for educational purposes edjenguele christian eric (Aug 18)
- Re: Re: a "good" vulnerability for educational purposes eladexposed (Aug 19)
- Re: a "good" vulnerability for educational purposes Andre Amorim (Aug 18)