Penetration Testing (Attacker & Targets)
You need something to break in from (attacker)
& something to gain access into (targets)
That's up to you!
Many people use these pre-made environments to: test out new tools, compare results between tools, benchmark the performance of tools, or, to try and discover new methods to exploit know vulnerabilities.
However, if this is all new to you and you're still learning the basics, you may wish to have a specifically designed environment, which has purposely been created for such an event/task.
An example of such software:
Alternatively, you can take the time to create your own. First by installing a base operating system, installing your favourite tools, then customizing it to your hardware & liking.
Again, that's up to you!
VulnHub offers various pre-built VM scenarios (check: 'Vulnerable Machines')
, which require varying amounts of skill & technique. You can download one (or them all)
and start learning.
We also have a 'Vulnerable code' section. These are also scenarios, however, they require some form of additional configuration before they'll work. For example, if the vulnerable code was a web application it will require an operating system & a web server before it can be exploited (it also may need additional services, such as a database)
You may wish to install an operating system with a certain application, then 'misconfigure it' in different ways. You can then check to see what 'damage' can be done by exploiting the misconfigured application. One example could be to enable 'Simple Network Management Protocol (SNMP)' or 'NetBIOS/Samba' and modify their settings.
If you wanted to replicate a machine virtually, allowing you to safely experiment on the clone without any fear of any effect on the original machine.