-   Linux - Security (
-   -   Easy vulnerabilites to install (

svenxix 03-12-2013 02:17 PM

Easy vulnerabilites to install
I am building an intentionally vulnerable Ubuntu server for an information security class, but I am having a hard time installing vulnerabilities.

Does anyone know any vulnerabilities that are easy to install for Ubuntu 10.04?

Habitual 03-12-2013 02:45 PM

Biggest hole in Linux: telnet

Noway2 03-12-2013 03:01 PM

I don't recall the name of them but there are some downloadable installations with well documented vulnerabilities made specifically for testing purposes.

svenxix 03-12-2013 03:08 PM

What telnet exploit are you using? I can't find a reliable one for Ubuntu. I know it sends passwords in plaintext, but I'm not going to have anyone logging into the box during the exercise. Is there a metasploit module that you had in mind or something else?

John VV 03-12-2013 05:46 PM

have a look at " Damn Vulnerable Linux "

why rebuild the wheel


What telnet exploit are you using? I can't find a reliable one for Ubuntu
the whole thing is a security breach " just waiting to happen "

it was designed back in the day of 50 or so " supper computers" that has terminal access using punch cards .

Noway2 03-13-2013 05:53 AM


Originally Posted by John VV (Post 4910277)
have a look at " Damn Vulnerable Linux "

Thank you. That is what I was thinking of but couldn't remember the name.

dunix 03-15-2013 01:16 PM

Mutillidae is a great option if you are looking specifically at web application security.

jpollard 03-18-2013 05:40 PM


Originally Posted by Habitual (Post 4910179)
Biggest hole in Linux: telnet

Telnet can be as secure as ssh.

It all depends on your environment - ssh can be totally insecure...

To secure telnet, just add kerberos to the environment. You get encryption available, and single sign-on (Kerberos credentials used).

awc 03-24-2013 01:00 AM

Rapid7 provides vulnerable vm's for exactly what you're doing. The project is called Metasploitable


Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The VM will run on any recent VMware products and other visualization technologies such as VirtualBox, VMFusion. You can download the image file of Metasploitable 2 from

All times are GMT -5. The time now is 05:46 AM.