iisjman07 Posted February 28, 2012
I want to download a Linux distro full of holes, so I can work on my skills in pen testing. I've been meaning to download Damn Vulnerable Linux, but notice that according to DistroWatch, it's been discontinued. Is this still a good platform to work with or is there anything better?

Mr-Protocol Posted February 28, 2012
If it has been discontinued and you can find an old ISO of it, that should be perfect. Old, outdated, not maintained. Or Metasploitable.
Torrent: http://updates.metasploit.com/data/Metasploitable.zip.torrent

iisjman07 Posted February 29, 2012
Thanks for the reply, downloading now...

Mr-Protocol Posted February 29, 2012
Per https://community.rapid7.com/docs/DOC-1514

Metasploitable Readme

System credentials:
-------------------
msfadmin:msfadmin
user:user
service:service
postgres:postgres
(2 other system accounts)

Discovery:
-------------
ftp       21/tcp    220 ProFTPD 1.3.1 Server (Debian) [::ffff:127.0.0.1]
ssh       22/tcp    SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
telnet    23/tcp    Ubuntu 8.04\x0avulnerability login:
smtp      25/tcp    220 ubuntu804-base.localdomain ESMTP Postfix (Ubuntu)
dns       53/tcp    ISC BIND 9.4.2
dns       53/udp    ISC BIND 9.4.2
http      80/tcp    Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.10 with Suhosin-Patch
netbios   137/udp   VULNERABILITY:<00>:U :VULNERABILITY:<03>:U :VULNERABILITY:<20>:U :MSFVULN:<00>:G :MSFVULN:<1e>:G :00:00:00:00:00:00
smb       139/tcp
smb       445/tcp   Unix Samba 3.0.20-Debian (language: Unknown) (domain:MSFVULN)
mysql     3306/tcp  5.0.51a-3ubuntu5
distccd   3632/tcp
postgres  5432/tcp  8.3.8
http      8180/tcp  Apache-Coyote/1.1 (Tomcat 5.5)

Bruteforce:
-----------
smb         Anonymous
ssh         6 sessions
telnet      6 sessions
bind        n/a
apache      2 web apps (twiki and tikiwik)
postgres    db compromise (postgres:postgres)
mysql       db compromise (root:root)
tomcat 5.5  shelled (tomcat:tomcat)

Exploits:
---------
distcc                  Excellent  1 session on all ranking levels
tomcat_mgr_deploy       Excellent  requires credentials
tikiwiki_graph_formula  Excellent  1 session on all ranking levels
twiki                   Excellent  information disclosure
mysql_yassl_getname     Good       triggers crash, but not working

TODO:
-----
switch to a vulnerable version of sendmail
configure proftpd with vulnerabilities (sql injection? others? downgrade?)

Expected sessions:
------------------
From Bruteforce: 6 ssh, 6 telnet, 1 tomcat
From Exploit: 1 distcc and 1 tikiwiki_graph_formula

Visit here to see how Rapid7 suggest setting up a pen-test virtual network. Also has UltimateLAMP with more web services to exploit vs metasploitable.
http://metasploit.com/help/test-lab.jsp