1

I am a teacher giving pentesting classes and I have a group of students that I have been teaching for 4 years now.

I would like to make a little "hacking contest" in which there is a vulnerable machine, and the children try to get root access to it. In order to do that I have started looking for a highly vulnerable OS that I can install on an external machine (one that I had lying around for a while now). I have found some OSs that are vulnerable such as metasploitable. But they are all designed to be installed on a VM. But that is not what I need. I need an OS that I can burn on a cd, or a USB and installed on a PC.

Why am I not hosting a VM on my own machine? I can do that but the machine that I have is old, and not used. So it will be thrown away. And I really want to make some use out of it.

schroeder
  • 123,438
  • 55
  • 284
  • 319
Fr1nge
  • 11
  • 1
  • 2
    Software/OS recommendations are off-topic. You can try posting at softwarerecs.stackexchange.com, or edit this question so that it is asking about an aspect of information security, and not asking for recommendations for a specific OS or software. – browly Mar 28 '18 at 16:31
  • Don't you want to install a Metasploitable-like straight on your old PC ? As native OS and not in a VM. And by the way, maybe you could look for another hackable machine a little bit harder as a next step because the official Metasploitable can be rooted in less than 10min even for a novice with nmap / metasploit. – T. Rode Nov 30 '18 at 15:51
  • Your last 6 sentences mean that I'm not sure what your requirements are. You want to burn Metasploitable onto a bootable CD? Then use Linux. You want to distribute Metasplotable on removable media? Why not distribute the VM? You want to install Metasploitable on your own machine? Why not install VMWare or VirtualBox and install the VM there? Why does Metasploitable have to be installed on bare metal? That's what is difficult to understand. – schroeder Dec 30 '18 at 20:43
  • Alternatively, there is an active Metasploitable forum and Githib site that might help you with the OS-level approaches to your question. – schroeder Dec 30 '18 at 20:44

1 Answers1

0

You should consider using public facing sites for something like this such as Troy Hunt's "Hack Yourself First" [Link]. If your vulnerable server is public facing to the internet, that box is going to be compromised in less than 24 hours and you could put whoever logs into that box at risk.

Mrdeep
  • 546
  • 4
  • 12
  • 3
    OP, branching from Mrdeep's comment, you'll want to read [this thread](https://security.stackexchange.com/questions/31401/is-it-safe-to-install-metasploit-in-my-daily-used-computer) on some of the security vulnerabilities you'd be introducing by not installing Metasploit in a VM. For a competition, maybe check out [OverTheWire](http://overthewire.org/wargames/bandit/). –  Mar 28 '18 at 17:54