LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Easy vulnerabilites to install (http://www.linuxquestions.org/questions/linux-security-4/easy-vulnerabilites-to-install-4175453807/)

svenxix 03-12-2013 01:17 PM

Easy vulnerabilites to install
 
I am building an intentionally vulnerable Ubuntu server for an information security class, but I am having a hard time installing vulnerabilities.

Does anyone know any vulnerabilities that are easy to install for Ubuntu 10.04?

Habitual 03-12-2013 01:45 PM

Biggest hole in Linux: telnet

Noway2 03-12-2013 02:01 PM

I don't recall the name of them but there are some downloadable installations with well documented vulnerabilities made specifically for testing purposes.

svenxix 03-12-2013 02:08 PM

What telnet exploit are you using? I can't find a reliable one for Ubuntu. I know it sends passwords in plaintext, but I'm not going to have anyone logging into the box during the exercise. Is there a metasploit module that you had in mind or something else?

John VV 03-12-2013 04:46 PM

have a look at " Damn Vulnerable Linux "
http://distrowatch.com/table.php?distribution=dvl

why rebuild the wheel

Quote:

What telnet exploit are you using? I can't find a reliable one for Ubuntu
the whole thing is a security breach " just waiting to happen "

it was designed back in the day of 50 or so " supper computers" that has terminal access using punch cards .

Noway2 03-13-2013 04:53 AM

Quote:

Originally Posted by John VV (Post 4910277)
have a look at " Damn Vulnerable Linux "

Thank you. That is what I was thinking of but couldn't remember the name.

dunix 03-15-2013 12:16 PM

Mutillidae is a great option if you are looking specifically at web application security.

jpollard 03-18-2013 04:40 PM

Quote:

Originally Posted by Habitual (Post 4910179)
Biggest hole in Linux: telnet

Telnet can be as secure as ssh.

It all depends on your environment - ssh can be totally insecure...

To secure telnet, just add kerberos to the environment. You get encryption available, and single sign-on (Kerberos credentials used).

awc 03-24-2013 12:00 AM

Rapid7 provides vulnerable vm's for exactly what you're doing. The project is called Metasploitable

Quote:

Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox, VMFusion. You can download the image file of Metasploitable 2 from


All times are GMT -5. The time now is 12:57 AM.