Easy vulnerabilites to install
 

I am building an intentionally vulnerable Ubuntu server for an information security class, but I am having a hard time installing vulnerabilities.

Does anyone know any vulnerabilities that are easy to install for Ubuntu 10.04?

Biggest hole in Linux: telnet

I don't recall the name of them but there are some downloadable installations with well documented vulnerabilities made specifically for testing purposes.

What telnet exploit are you using? I can't find a reliable one for Ubuntu. I know it sends passwords in plaintext, but I'm not going to have anyone logging into the box during the exercise. Is there a metasploit module that you had in mind or something else?

have a look at " Damn Vulnerable Linux "
http://distrowatch.com/table.php?distribution=dvl

why rebuild the wheel

the whole thing is a security breach " just waiting to happen "

it was designed back in the day of 50 or so " supper computers" that has terminal access using punch cards .

Thank you. That is what I was thinking of but couldn't remember the name.

Mutillidae is a great option if you are looking specifically at web application security.

Telnet can be as secure as ssh.

It all depends on your environment - ssh can be totally insecure...

To secure telnet, just add kerberos to the environment. You get encryption available, and single sign-on (Kerberos credentials used).

Rapid7 provides vulnerable vm's for exactly what you're doing. The project is called Metasploitable