Penetration Testing mailing list archives
Re: Pentesting lab
From: "s3c.b3n" <securitybender () gmail com>
Date: Sun, 3 Jan 2010 16:27:50 +0530
Hi, I really appreciate the information that everyone of you gave me. Thanks a lot everyone. I found the Metasplit Unleashed (www.offensive-security.com/metasploit-unleashed/) also talks about making a vulnerable WinXP machine. Thanks On Thu, Dec 31, 2009 at 12:33 AM, Swaminathan, Balaji <Balaji.Swaminathan () kla-tencor com> wrote:
Just curious to know if there are any distros for Windows like DVL for Linux Probably with all the necessary packages like SQL, IIS, Exchange, ASP/Dot Net etc inbuilt...? Would be really great if someone can throw light on this. Regards, Balaji Swaminathan .M -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Robert Portvliet Sent: Tuesday, December 29, 2009 5:41 AM To: s3c.b3n Cc: pen-test () securityfocus com Subject: Re: Pentesting lab In terms of webapp testing there's GOAT from OWASP, MOTH from Bonsai Sec, Mutillidae from IronGeek, DVWA (Damn Vulnerable Web App) and the 'HackMe' series from Foundstone. On the network side there's the De-ICE LiveCD's and DVL (Damn Vulnerable Linux), also VMWare's marketplace has a bunch of VM images you can download. On Thu, Dec 24, 2009 at 9:09 AM, s3c.b3n <securitybender () gmail com> wrote:Hi all, I'm just starting my career a security specialist. I'm interested in creating my own penetration testing lab. To test exploits (metasploit epically) I need some targets (vulnerable servers). Are there such servers (VM images or ISOs) for general services like OWASP for web apps? or are there any scripts or applications that can create those vulnerabilities. My main goal is to get familiar with the existing tools. Thanks -- s3c b3n------------------------------------------------------------------------This list is sponsored by: Information Assurance Certification ReviewBoardProve to peers and potential employers without a doubt that you canactually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.http://www.iacertification.org------------------------------------------------------------------------------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
-- s3c b3n ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: Pentesting lab chr1x (Jan 04)
- <Possible follow-ups>
- RE: Pentesting lab Swaminathan, Balaji (Jan 04)
- Re: Pentesting lab s3c.b3n (Jan 04)
- RE: Pentesting lab Elliot Fernandes (Jan 04)
- RE: Pentesting lab Swaminathan, Balaji (Jan 04)
- RE: Pentesting lab Elliot Fernandes (Jan 05)
- Hacking and Building Web Applications Swaminathan, Balaji (Jan 05)
- Re: Hacking and Building Web Applications Morgan Reed (Jan 06)
- RE: Hacking and Building Web Applications Swaminathan, Balaji (Jan 11)
- Re: Hacking and Building Web Applications Morgan Reed (Jan 11)
- Re: Hacking and Building Web Applications J. Bakshi (Jan 06)
- RE: Hacking and Building Web Applications Swaminathan, Balaji (Jan 11)
- Re: Pentesting lab charles watathi (Jan 06)