Virtual Machines
single series all timeline

Search Result: d (683 results)

Updated to set default runlevel to 3 (no X windows) and fixed DHCP.

This is the fourth capture the flag exercise. It includes the target virtual virutal machine image as well as a PDF of instructions. The username and password for the targer are deliberately not provided! The idea of the exercise is to compromise the target WITHOUT knowing the username and password. Note that there are other capture the flag exercises. If you like this one, download and try out the others. If you have any questions e-mail me at justin AT madirish DOT net.

The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/).

These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools.

more...
LAMPSecurity: CTF4
10 Mar 2009
 by 
madirish2600
ellipsis

Moth is a downloadable VMWare image based on Ubuntu. It was set up to test the functionality of w3af and it includes various web application vulnerabilities. Most howto's use Moth as an example for a web page under test.

Source: http://sourceforge.net/apps/trac/w3af/wiki/Moth

Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:

Testing Web Application Security Scanners

Testing Static Code Analysis tools (SCA)

Giving an introductory course to Web Application Security

The motivation for creating this tool came after reading \"anantasec-report.pdf\" which is included in the release file which you are free to download. The main objective of this tool is to give the community a ready to use testbed for web application security tools. For almost every web application vulnerability that exists in the wild, there is a test script available in moth.

There are three different ways to access the web applications and vulnerable scripts included in moth:

Directly

Through mod_security

Through PHP-IDS (only if the web application is written in PHP)

Both mod_security and PHP-IDS have their default configurations and they show a log of the offending request when one is found. This is very useful for testing web application scanners, and teaching students how web application firewalls work. The beauty is that a user may access the same vulnerable script using the three methods; which helps a lot in the learning process.

Source: http://www.bonsai-sec.com/en/research/moth.php

more...
Moth: 0.6
5 May 2009
 by 
Andresriancho
ellipsis

This is the fifth capture the flag exercise. It includes the target virtual virutal machine image as well as a PDF of instructions. The username and password for the targer are deliberately not provided! The idea of the exercise is to compromise the target WITHOUT knowing the username and password. Note that there are other capture the flag exercises. If you like this one, download and try out the others. If you have any questions e-mail me at justin AT madirish DOT net

The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/).

These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools.

more...
LAMPSecurity: CTF5
10 May 2009
 by 
madirish2600
ellipsis

GoatseLinux v1.0 pentest lab Virtual Machine

Steve Pordon

2009.06.27

Feel free to distribute this far and wide under the gnu license.

This is specifically built for VMware 6.5 compatibility.

WARNING: GoatseLinux is intentionally unsecure. It was designed as a laboratory box to practice penetration testing on. Due to the wide open nature of nearly every program installed on it, I would strongly advise against setting your VM network to anything other than "host-based," unless you enjoy your VMs being used as zombie spamboxes.

Notes:

Built on the Slax 5.0.7 distro.

Source: readme.txt

more...
GoatseLinux: 1
27 Jun 2009
 by 
neutronstar
ellipsis

The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/).

These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools.

more...
LAMPSecurity: CTF6
29 Jun 2009
 by 
madirish2600
ellipsis

Where to get the current Hackerdemia PenTest Tool Tutorial disk: http://heorot.net/instruction/tutorials/iso/hackerdemia-1.1.0.iso

The MD5 Hash Values of Each Disk: 09e960360714df7879679dee72ce5733 ==> hackerdemia-1.1.0.iso

How to start the disk: Boot the LiveCD on a system within your pentest lab, which needs to be configured to be in the 192.168.xxx.xxx range. Connect to http://192.168.1.123 using a web browser (preferably in BackTrack or your favorite pentest platform)

You will be presented with a web page, which is your tutorials. All hands-on examples were created with the Hackerdemia disk as the target, so your results should exactly match those found in the tutorials.

Where to get the BackTrack disk: http://remote-exploit.org/backtrack_download.html

Network configuration: The LiveCD configures itself to an IP address of 192.168.1.123 by default. If you want to change it, simply log in as: username: root password: toor

...and change the ifconfig information (If you don't know what I'm talking about, go to: http://en.wikipedia.org/wiki/Ifconfig)

Source: http://forums.hackingdojo.com/

more...
De-ICE: S1.123 (Hackerdemia)
12 Oct 2009
 by 
De-ICE
ellipsis

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.

Source: https://owasp.org/index.php/Category:OWASP_Vicnum_Project

more...
Vicnum: 1.3
18 Oct 2009
 by 
Mordecai Kraushar
ellipsis

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.

Source: https://owasp.org/index.php/Category:OWASP_Vicnum_Project

more...
Vicnum: 1.4
30 Dec 2009
 by 
Mordecai Kraushar
ellipsis

Kioptrix VM Image Challenges:

This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.

Source: http://www.kioptrix.com/blog/?page_id=135

Source: http://www.kioptrix.com/blog/?p=49

more...
Kioptrix: Level 1 (#1)
17 Feb 2010
 by 
Kioptrix
ellipsis

One of the questions that we often hear is "What systems can i use to test against?" Based on this, we thought it would be a good idea throw together an exploitable VM that you can use for testing purposes.

Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.

You can use most VMware products to run it, and you'll want to make sure it's configured for Host-only networking unless it's in your lab - no need to throw another vulnerable machine on the corporate network. It's configured in non-persistent-disk mode, so you can simply reset it if you accidentally 'rm -rf' it.

Source: http://web.archive.org/web/20100525233058/http://blog.metasploit.com/2010/05/introducing-metasploitable.html

more...
Metasploitable: 1
19 May 2010
 by 
Metasploit
ellipsis

Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you're having trouble, or there are any problems, it can be discussed here.

Source: http://pynstrom.com/holynix.php

-- README

Holynix 1.0 beta Release Notes

Similar to the de-ice and pWnOS pentest cds, Holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example. The object of the challenge is to gain root level privileges and access to personal client information.

Support

Homepage: http://pynstrom.com/

Project Page: http://pynstrom.com/holynix.php

Forums: http://pynstrom.com/forum/

Bugs

Bugs or can be reported using sourceforge's bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at pynstrom AT pynstrom DOT com

Source: holynix-v1.tar.bz2/README.txt

README.txt wasn't updated with the release of the final version

-- Forum

Difference between beta and final

  • Set HD to non-persistant so any mistakes will be fixed at reboot.
  • Removed some trash I accidentally left laying around.

Source: http://pynstrom.com/forum/viewtopic.php?f=2&t=5

Getting Started w/ Holynix v1

Source: http://pynstrom.com/forum/viewtopic.php?f=6&t=6

-- Checksums

Beta MD5: D19306C6C2305005C72A7811D2B72B51

Beta SHA1: 0C5B7D37FECD39C52BC2C8C2EE66A617BB576A90

Final MD5: EBB8EF2544559D72A052687497F78341

Final SHA1: 967F3DB6D97CCC615EB5758AC75387D46C3D1199

more...
Holynix: v1
27 Nov 2010
 by 
Holynix
ellipsis

Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you're having trouble, or there are any problems, it can be discussed here.

Source: http://pynstrom.com/holynix.php

-- README

Holynix 2.0 Release Notes

Holynix is an Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. The object of the challenge v1 is just to root the box. Register on the forums to receive an email update when a new challenge is released.

Network Configuration

Holynix v2 is set with static ip and requires some network configuration in order to run.

  • Network: 192.168.1.0/24
  • Pool Starting Addr: 192.168.1.2
  • Gateway Addr: 192.168.1.1
  • Subnet Mask: 255.255.255.0

Support

Homepage: http://pynstrom.com/

Project Page: http://pynstrom.com/holynix.php

Forums: http://pynstrom.com/forum/

Bugs

Bugs can be reported using sourceforge's bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at [email protected]

Source: holynix-v2.tar.bz2/README.txt

--Forum

Getting Started w/ Holynix v2

Source: http://pynstrom.com/forum/viewtopic.php?f=8&t=7

more...
Holynix: v2
8 Dec 2010
 by 
Holynix
ellipsis
This website uses 'cookies' to give you the best, most relevant experience. Using this website means you're happy with this. You can find out more about the cookies used by clicking this link (or by clicking the 'Privacy Policy' link at the top of any page).