Easy vulnerabilites to install
I am building an intentionally vulnerable Ubuntu server for an information security class, but I am having a hard time installing vulnerabilities.
Does anyone know any vulnerabilities that are easy to install for Ubuntu 10.04? |
Biggest hole in Linux: telnet
|
I don't recall the name of them but there are some downloadable installations with well documented vulnerabilities made specifically for testing purposes.
|
What telnet exploit are you using? I can't find a reliable one for Ubuntu. I know it sends passwords in plaintext, but I'm not going to have anyone logging into the box during the exercise. Is there a metasploit module that you had in mind or something else?
|
have a look at " Damn Vulnerable Linux "
http://distrowatch.com/table.php?distribution=dvl why rebuild the wheel Quote:
it was designed back in the day of 50 or so " supper computers" that has terminal access using punch cards . |
Quote:
|
Mutillidae is a great option if you are looking specifically at web application security.
|
Quote:
It all depends on your environment - ssh can be totally insecure... To secure telnet, just add kerberos to the environment. You get encryption available, and single sign-on (Kerberos credentials used). |
Rapid7 provides vulnerable vm's for exactly what you're doing. The project is called Metasploitable
Quote:
|
All times are GMT -5. The time now is 10:55 AM. |