LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-12-2013, 01:17 PM   #1
svenxix
LQ Newbie
 
Registered: Feb 2012
Distribution: Debian, Fedora
Posts: 24

Rep: Reputation: 0
Easy vulnerabilites to install


I am building an intentionally vulnerable Ubuntu server for an information security class, but I am having a hard time installing vulnerabilities.

Does anyone know any vulnerabilities that are easy to install for Ubuntu 10.04?
 
Old 03-12-2013, 01:45 PM   #2
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Slack14_64_Multilib
Posts: 3,067
Blog Entries: 4

Rep: Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741Reputation: 741
Biggest hole in Linux: telnet
 
Old 03-12-2013, 02:01 PM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
I don't recall the name of them but there are some downloadable installations with well documented vulnerabilities made specifically for testing purposes.
 
Old 03-12-2013, 02:08 PM   #4
svenxix
LQ Newbie
 
Registered: Feb 2012
Distribution: Debian, Fedora
Posts: 24

Original Poster
Rep: Reputation: 0
What telnet exploit are you using? I can't find a reliable one for Ubuntu. I know it sends passwords in plaintext, but I'm not going to have anyone logging into the box during the exercise. Is there a metasploit module that you had in mind or something else?
 
Old 03-12-2013, 04:46 PM   #5
John VV
Guru
 
Registered: Aug 2005
Posts: 12,666

Rep: Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683Reputation: 1683
have a look at " Damn Vulnerable Linux "
http://distrowatch.com/table.php?distribution=dvl

why rebuild the wheel

Quote:
What telnet exploit are you using? I can't find a reliable one for Ubuntu
the whole thing is a security breach " just waiting to happen "

it was designed back in the day of 50 or so " supper computers" that has terminal access using punch cards .

Last edited by John VV; 03-12-2013 at 04:48 PM.
 
1 members found this post helpful.
Old 03-13-2013, 04:53 AM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Quote:
Originally Posted by John VV View Post
have a look at " Damn Vulnerable Linux "
Thank you. That is what I was thinking of but couldn't remember the name.
 
Old 03-15-2013, 12:16 PM   #7
dunix
Member
 
Registered: Nov 2009
Location: Vermont
Distribution: Slackware, RHEL/CentOS, Fedora
Posts: 40

Rep: Reputation: 18
Mutillidae is a great option if you are looking specifically at web application security.
 
Old 03-18-2013, 04:40 PM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 2,020

Rep: Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518Reputation: 518
Quote:
Originally Posted by Habitual View Post
Biggest hole in Linux: telnet
Telnet can be as secure as ssh.

It all depends on your environment - ssh can be totally insecure...

To secure telnet, just add kerberos to the environment. You get encryption available, and single sign-on (Kerberos credentials used).
 
Old 03-24-2013, 12:00 AM   #9
awc
LQ Newbie
 
Registered: Aug 2012
Location: North America
Distribution: Mint
Posts: 5

Rep: Reputation: 0
Rapid7 provides vulnerable vm's for exactly what you're doing. The project is called Metasploitable

Quote:
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox, VMFusion. You can download the image file of Metasploitable 2 from
 
  


Reply

Tags
ubuntu, vulnerability


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is Google Chrome afflicted by Mozilla Firefox vulnerabilites? lupusarcanus Linux - Security 1 03-30-2010 04:39 PM
For those looking for an easy way to install/backup install routines. corbintechboy Debian 1 05-15-2009 01:00 PM
RealPlayer install location (easy install for Ubuntu) tferero Linux - Newbie 5 11-07-2007 08:06 AM
Easy-use, easy-install, fast, minimal KDE distro? lukeprog Linux - Distributions 8 09-08-2007 04:21 PM
newbie: looking for easy to install distro that I can install new programs on easily m.r.bob Linux - Distributions 25 02-15-2006 05:04 PM


All times are GMT -5. The time now is 03:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration