Skorpinok (Rover), posted October 23, 2013 (edited October 23, 2013 by Skorpinok)

Hi,

Just a n00b question. I installed the latest version of the vulnerable web app Mutillidae on Ubuntu Server 12.04 inside VirtualBox. While installing I selected *LAMP SERVER* and *NO UPDATES*, and after installation I turned off the firewall. Apart from these, is there anything I can do to misconfigure this server for penetration testing, just like Metasploitable? If you have any suggestions, let me know.

-skorpinok.

hexophrenic, posted October 23, 2013

Time consuming, but look through Bugtraq or ExploitDB or some other source and find vulnerable versions of software to install on the boxes. It might require compiling rather than apt-get as the repos will have the fixed versions most likely. Also, randomly set some programs SUID for root and see if you can tip them over. Really, though, you are better running an older platform if you are just wanting to demo or study the exploit process itself.
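
One way to keep a record of setuid changes like the ones suggested in the post above, so the lab VM's state stays documented and can be reverted (an added example, not part of the thread): snapshot the setuid files before and after the change and diff the two lists. The function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): track setuid changes on a lab VM.

# Print every setuid regular file under DIR, sorted, one path per line.
# On a real host, add "-user root" to keep only root-owned files.
suid_snapshot() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# Compare two snapshots: "+ path" gained the setuid bit, "- path" lost it.
suid_diff() {
    LC_ALL=C comm -13 "$1" "$2" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$1" "$2" | sed 's/^/- /'
}

# Constructed demo tree standing in for the VM's filesystem.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/opt"
    : > "$d/bin/passwd"; : > "$d/bin/ls"; : > "$d/opt/backup-helper"
    chmod 0755 "$d/bin/ls" "$d/opt/backup-helper"
    chmod 4755 "$d/bin/passwd"          # setuid as shipped
    printf '%s\n' "$d"
}

tree=$(make_demo_tree)
snap=$(mktemp -d)
suid_snapshot "$tree" > "$snap/before.txt"
chmod u+s "$tree/opt/backup-helper"     # the deliberate lab change
suid_snapshot "$tree" > "$snap/after.txt"
suid_diff "$snap/before.txt" "$snap/after.txt"
rm -rf "$tree" "$snap"
```

Kept next to the VM image, the "before" snapshot is also the list to restore from when the lab is torn down.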

Skorpinok (Rover, author), posted October 23, 2013 (edited October 23, 2013 by Skorpinok)

> Time consuming, but look through Bugtraq or ExploitDB or some other source and find vulnerable versions of software to install on the boxes. It might require compiling rather than apt-get as the repos will have the fixed versions most likely. Also, randomly set some programs SUID for root and see if you can tip them over. Really, though, you are better running an older platform if you are just wanting to demo or study the exploit process itself.

Thanks, I think I made some minor changes. I am not so talented with this, but I guess somehow this may work, not sure.

1) Disabled the firewall
2) Disabled SELinux/AppArmor
3) No filesystem encryption
4) Left the root account enabled.

The web page is super super friendly for attacks when tested from Kali.

Ubuntu Server 12 installed along with Metasploitable 2 inside Vbox, Vbox runs inside Kali Linux, Kali is dual-booted alongside Windows 7. Dell XPS Core i7, 8 GB RAM, Seagate 720 GB HDD (500 GB allocated for Kali).

Drei_Drachen, posted October 24, 2013 (edited October 24, 2013 by Drei_Drachen)

You could also store the root password in a plain txt file. I know that's not a config issue... but hey, it is poor practice and I'm sure it still happens. LOL