Monday, September 12, 2011

Lab continued

So I have been looking for operating systems to install in my shiny new lab today. I already had a Redhat 6.1 ISO handy so I installed that. I have also downloaded the latest version of BackTrack to use as my hacking platform. For those that don't know BackTrack is a Linux distribution that comes pre-installed with all the security tools you could wish for, and probably a few more besides. I will expand on BackTrack a bit more in later posts as I start using it.

I was searching around the web for other OS's that I could use for learning purposes and I came across this excellent page by Felipe Martins:

http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

as the URL suggests it is a complete list of vulnerable systems/sites that can be used for studying penetration testing. Top bloke!

There are a number of operating systems and web apps listed that are specifically designed to be insecure so that the beginner/trainee can practice their skills. There are also a number of war games sites that I will have to check out at a later time.

For now I have decided to download DVWA (Damn Vulnerable Web Application) and I was going to go for DVL (Damn Vulnerable Linux) but it looks like they are still working on version 2.0 (to be released soon).
Posted by at
Labels:

5 comments:

  1. You can use the metasploitable OS from metasploit (rapid7): http://blog.metasploit.com/2010/05/introducing-metasploitable.html

    And also I would recommend you to buy this book: Metasploit - The penetration Tester's Guide (David Kennedy, Jim O'Gorman, Devon Kearns and Mati Aharoni). It's a very good book regarding metasploit framework (installed in bactrack). You will use this framework quite a lot!!

    ReplyDelete

  2. If you plan on using backtrack as your pentest os, I would check this book out if you haven't already.

    http://www.packtpub.com/backtrack-4-assuring-security-penetration-testing/book

    ReplyDelete

  3. I would highly recommend spending the couple of hundred pounds and getting an MS Tech Net subscription. Lets you download all MS OS's and other software. My whole lab is built on it.

    ReplyDelete

  4. I started down the same round a few years back. Whilst my current lab has changed slightly, I wrote a couple of posts detailing my basic setup. Hopefully they'll be of some help.
    http://blog.infosanity.co.uk/2009/10/13/virtual-lab-network/
    http://blog.infosanity.co.uk/2009/10/12/virtual-lab-machines/.

    Added your RSS feed, looking forward to updates in the future.

    ReplyDelete

  5. Thanks for the info all, much appreciated

    ReplyDelete

Subscribe to: Post Comments (Atom)