Scene 1

Your pentesting company has been hired to perform a test on a client company's internal network. Your team has scanned the network and you have been assigned one of the discovered systems. Perform a test on this system starting from the beginning of your chosen methodology and submit your report to the project manager at scenes AT 21LTR DOT com

Scope Statement

The client has defined a set of limitations for the pentest: - All tests will be restricted to the systems identified on the 192.168.2.0/24 network. - All commands run against the network and systems must be supplied in the form of script files packaged with the submission of the report - A final report indicating all identified vulnerabilities and exploits will be provided to the company's engineering department within 90 days of the start of this engagement.

Configuration

Scenario Pentest Lab Scene 1:

This LiveCD is configured with an IP address of 192.168.2.120 - no additional configuration is necessary.

Source: http://21ltr.com/scenes/21LTR.com_Scene1_2.120_v1.0.txt

Damn Vulnerable Linux (DVL) Strychnine+E605 (1.4):

Added more tools. Now Reverse Code Engineering tools is 99%, added Truecrypt, Eclipse IDE for Java and C++, added Mono for .NET vulnerability. Rearranged the menu, minor bug fixes ( :grin: ). We close tool addition with this and focus on bug fix and training material only from now on.

  • [Application Development] Add Motor IDE
  • [Application Development] Update HLA to 1.98 and StdLib to 2.3
  • [Application Development] Add LogWatch
  • [DVL Core] Add XEN
  • [Reverse Code Engineering] Add Insight GDB Debugger
  • [Tutorials] Add CPU Sim - An Interactive Java-based CPU Simulator
  • [Reverse Code Engineering] Add JAD Java Decompiler
  • [Tools] Add VLC Media Player
  • [Documentation] Add TeTex
  • [Documentation] Add JabRef
  • [Application Development] Add Kile
  • [Documentation] Add kDissert Mindmapper
  • [Peneration Testing] Add JBroFuzz
  • [Application Development] Add WebScarab
  • [Peneration Testing] Add CAL9000
  • [Reverse Code Engineering] Add KDBG
  • [Application Development] Add xchm
  • [DVL Core] Add gtk libs
  • [Tools] Add xvidcap
  • [Tools] Add AcroRead
  • [Tools] Add Scite

DVL 1.4 final is ready to go and is uploaded at the moment. We hit the 1.6 GB size, including all necessary to train software development, IT security and Reverse Code Engineering. During the next time the mirrors will be informed. After this we post the links. As well we do a short intro video to show all features and on how to use DVL.

Source: http://blog.security4all.be/2008/02/damn-vulnerable-linux-14-released.html

Source: [http://web.archive.org/web/20090312135824/http://www.damnvulnerablelinux.org/index.php/eng/Damn%20Vulnerable%20Linux%20Distro/Damn%20Vulnerable%20Linux/Release%20Notes%20for%20Damn%20Vulnerable%20Linux%20(up%20to%20release%201.4](http://web.archive.org/web/20090312135824/http://www.damnvulnerablelinux.org/index.php/eng/Damn%20Vulnerable%20Linux%20Distro/Damn%20Vulnerable%20Linux/Release%20Notes%20for%20Damn%20Vulnerable%20Linux%20(up%20to%20release%201.4)