Jump to content

Pentesting Distro


Recommended Posts

So Ive played with DVL for a little while and I really isnt all I thought it would be. So I decided to "roll" my own, Its based off debian. So what im asking for are any programs you know that are either moderately vulnerable or extremely vulnerable, I do not mind compiling and installing older versions. I would prefer them to be web apps that are easily exploitable through metaslpoit or other means. If your interested or have other idea please feel free to chyme in.

Also, i want it to be a on a live cd and i think fluxbox would be more then enough for this, but i am also taking others input on that as well.. Thank you for your help

Link to comment
Share on other sites

I think it depends on what you are trying to accomplish. How many machines are you talking about emulating on your CD? Just one, or lots? Are you wanting to only simulate something to run exploits against, or are you wanting to simulate something which involves all the steps of the pentesting process? You might want to check out De-ICE live pentesting CDs for ideas.

Link to comment
Share on other sites

De-ICE is almost exactly what i want. When i get some spare time i will check that out.

But I dont want to only offer a little information and charge for the rest. I have some documentation and what not already written up on how to execute a remote shell on a certain program, then on that i have different shells that people can add in there(like metasploit), but its a more of a hands on kind of thing.

What I want to do is have 1 distro that is entirely vulnerable, Then have different scenarios that can be loaded at boot, from gurb. Example


Fully Exploitable

HTTP/Apache > SSH




And each of those will have a set of goals, So the HTTP/Apache will be like this almost:

Apache running(all of the drive will be viewable)

OpenSSH running

Step 1. Exploit the Apache server to gain the ability to traverse the local drive. Find the "BLANKFILE" and read steps to continue.

Step 2. (IN THE "BLANKFILE") Looks like a vulnerable version of ssh is running, Exploit that and create a new admin user.

things like that.. it may not be entirely worth it, but i know i would enjoy playing with something like this

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...