Penetration Testing mailing list archives

RE: Pentesting lab

From: "Swaminathan, Balaji" <Balaji.Swaminathan () kla-tencor com>
Date: Thu, 31 Dec 2009 00:33:20 +0530


Just curious to know if there are any distros for Windows like DVL for
Linux Probably with all the necessary packages like SQL, IIS, Exchange,
ASP/Dot Net etc inbuilt...?

Would be really great if someone can throw light on this.


Regards,

Balaji Swaminathan .M


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Robert Portvliet
Sent: Tuesday, December 29, 2009 5:41 AM
To: s3c.b3n
Cc: pen-test () securityfocus com
Subject: Re: Pentesting lab

In terms of webapp testing there's GOAT from OWASP, MOTH from Bonsai
Sec, Mutillidae from IronGeek, DVWA (Damn Vulnerable Web App) and the
'HackMe' series from Foundstone.

On the network side there's the De-ICE LiveCD's and DVL (Damn
Vulnerable Linux), also VMWare's marketplace has a bunch of VM images
you can download.





On Thu, Dec 24, 2009 at 9:09 AM, s3c.b3n <securitybender () gmail com>
wrote:

Hi all,

I'm just starting my career a security specialist. I'm interested in
creating my own penetration testing lab. To test exploits (metasploit
epically) I need some targets (vulnerable servers). Are there such
servers (VM images or ISOs) for general services like OWASP for web
apps? or are there any scripts or applications that can create those
vulnerabilities.

My main goal is to get familiar with the existing tools.

Thanks
--
s3c b3n

------------------------------------------------------------------------

This list is sponsored by: Information Assurance Certification Review

Board


Prove to peers and potential employers without a doubt that you can

actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified.


http://www.iacertification.org

------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review
Board

Prove to peers and potential employers without a doubt that you can
actually do a proper penetration test. IACRB CPT and CEPT certs require
a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Re: Pentesting lab chr1x (Jan 04)
- <Possible follow-ups>
- RE: Pentesting lab Swaminathan, Balaji (Jan 04)
  - Re: Pentesting lab s3c.b3n (Jan 04)
  - RE: Pentesting lab Elliot Fernandes (Jan 04)
    - RE: Pentesting lab Swaminathan, Balaji (Jan 04)
    - RE: Pentesting lab Elliot Fernandes (Jan 05)
    - Hacking and Building Web Applications Swaminathan, Balaji (Jan 05)
    - Re: Hacking and Building Web Applications Morgan Reed (Jan 06)
    - RE: Hacking and Building Web Applications Swaminathan, Balaji (Jan 11)
    - Re: Hacking and Building Web Applications Morgan Reed (Jan 11)
    - Re: Hacking and Building Web Applications J. Bakshi (Jan 06)
    - RE: Hacking and Building Web Applications Swaminathan, Balaji (Jan 11)

(Thread continues...)