Penetration Testing mailing list archives

Re: Pentesting lab

From: Scott <opiesan () gmail com>
Date: Tue, 29 Dec 2009 13:43:01 -0500

I recommend the De-ICE CD's as a good starting point. Not only are
they designed to be vulnerable, there's also a framework/course based
on attacking them  www.de-ice.net

You can also check out Damn Vulnerable Linux although I've never used
it. http://www.damnvulnerablelinux.org/

If you want to focus on web application testing then give Webgoat a
try as well.
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Lastly, try searching the list archives on this topic. I've seen it
come up many times in the past and you'll likely find a wealth of
excellent responses and suggestions in the previous threads.  Good
luck.

Scott

On Thu, Dec 24, 2009 at 9:09 AM, s3c.b3n <securitybender () gmail com> wrote:

Hi all,

I'm just starting my career a security specialist. I'm interested in
creating my own penetration testing lab. To test exploits (metasploit
epically) I need some targets (vulnerable servers). Are there such
servers (VM images or ISOs) for general services like OWASP for web
apps? or are there any scripts or applications that can create those
vulnerabilities.

My main goal is to get familiar with the existing tools.

Thanks
--
s3c b3n

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Pentesting lab s3c.b3n (Dec 29)
- Re: Pentesting lab Chris Griffin (Dec 29)
- Re: Pentesting lab Curt Shaffer (Dec 29)
- Re: Pentesting lab Felipe Martins (Dec 29)
- Re: Pentesting lab Scott (Dec 29)
- Re: Pentesting lab Robin Wood (Dec 29)
- RE: Pentesting lab Amardeep Singh (Dec 29)
- Re: Pentesting lab John Holbrook (Dec 29)
- Re: Pentesting lab Robert Portvliet (Dec 29)