I've been creating test ranges using VMWare and an isolated network to play around with, and configuring endpoint workstations to be the receiving end of penetration tests.
I've found that the "easy" exploits are ms03_026_dcom and ms08_067_netapi, but of course I want to expand my configuration horizons so I am trying to configure other holes in the workstations.
I've tried configuring IIS Web & FTP servers to be extremely insecure (ended up with IIS 5.1 and 6.0 I believe) but found none of the exploits I tried worked.
Question: What are some good vulnerable services, 3rd party software, or configuration settings I can try that stray from plain old RPC and SMB?
 
     
     
    