Vulnerable OS's?

Question

Which vulnerable OS's like for example DVL would you recommend for someone to use for the purpose of pentest/exploitation learning?

Am I the only one who finds it a bit ironic that we're not using DVL (Damn **Vulnerable** Linux) because is not _maintained_ anymore? — Adi, May 11 '13 at 18:44
Also see here http://security.stackexchange.com/questions/35756/where-can-i-find-a-vulnerable-operating-system-to-practice-pentests-on/35767#35767 — NULLZ, May 15 '13 at 23:23

score 35 · Answer 1 · answered May 11 '13 at 17:25

35

There is quite a lot of them:

Metasploitable: Currently there are 2 versions.
Kioptrix: Currently 4 challenges.
Hackademic: Apparently 2 VM, check 1 and 2.
pWnOS: Currently 2 challenges.

Standalone which you can install directly without VM, this is to hone your Webattack-Fu:

answered May 11 '13 at 17:25

HamZa

1,370
1
15
19

7

In addition, Windows Server 2003 with no patches would be a good start. – ponsfonze May 12 '13 at 20:33
2

@ponsfonze Yeah indeed, but since the OP has tagged his question `linux` I didn't add it. – HamZa May 12 '13 at 20:38

Rory McCune · Accepted Answer · 2011-03-01T09:39:55.993

There's a couple of good ones in addition to DVL, that I've come across

Metasploitable is designed for testing out some of Metasploits functionality. There's some good information on using it in the free Metasploit Unleashed course.
There's also DVWA from a web applications perspective

EDIT:

Another good list I came across on a blog recently, has quite a few potential vulnerable apps

Pentest lab vulnerable servers-applications list

score 21 · Answer 3 · answered May 12 '13 at 00:52

21

I'd suggest in additiona to HamZa DzCyberDeV's answer:

Pentester Labs exercises which are full VMs as well as full detailed walkthroughs etc. These are great for all skill levels and i've found them most useful.

answered May 12 '13 at 00:52

NULLZ

11,426
17
77
111

1

@HamZaDzCyberDeV Thank Louis Nyffenegger https://twitter.com/snyff he's the guy who's been kind enough to make it happen :) – NULLZ May 15 '13 at 01:32

score 8 · Answer 4 · edited Oct 19 '14 at 23:29

8

Another good one is http://exploit-exercises.com/:

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

edited Oct 19 '14 at 23:29

alecxe

1,515
5
19
34

answered May 15 '13 at 01:37

seemickmack

81
1
1

score 7 · Answer 5 · edited Oct 19 '14 at 23:28

7

Did a little research on my own and found the following:

De-ICE PenTest LiveCDs Project
Web Security Dojo - one more web appsec training environment (based on ubuntu)
Holynix

edited Oct 19 '14 at 23:28

alecxe

1,515
5
19
34

answered Nov 14 '10 at 09:15

tkit

3,272
5
28
36

score 5 · Answer 6 · answered Dec 11 '10 at 10:32

5

I know of LAMP security training and PwnOS

answered Dec 11 '10 at 10:32

krempita

189
4

score 3 · Answer 7 · answered Dec 07 '10 at 21:27

To a greater or lesser degree, almost all OS'es should be counted as vulnerable out of the box, so in my opinion you should practice on Win XP, 2000 and possibly Win 7, Linux (of any type), MAC OS X etc. Once you understand the vulnerabilities, then patch and apply secure hardening guidance and retest the same platforms. You will then get some valuable experience as to how OS'es can be secured.

score 2 · Answer 8 · edited Mar 17 '17 at 10:46

2

Please see Question: servers-for-penetration-testing. It has many Operating Systems and live servers that you are allowed to attack, hack and learn...

edited Mar 17 '17 at 10:46

Community

1

answered Mar 01 '11 at 19:30

labmice

1,338
1
9
11

score 1 · Answer 9 · answered Jan 31 '17 at 13:30

1

OWASP site, specifically

https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project#tab=Virtual_Machines_or_ISOs

Contains links to Virtual machines etc, some maintained others not

answered Jan 31 '17 at 13:30

John Cogan

143
4

score 1 · Answer 10 · edited Jun 16 '20 at 09:49

1

If you have a little money to spend then you can grab an MSDN OS license to gain access to the various Windows OS versions. If you answer the questions correctly, you can get an MSDN license for $100 via BizSpark: http://www.microsoft.com/bizspark/Faqs.aspx

UPDATE: Check out this list: http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

edited Jun 16 '20 at 09:49

Community

1

answered Nov 13 '10 at 05:56

Tate Hansen

13,714
3
40
83

2

Are you implying that Windows is a "vulnerable OS" and useful only for "exploitation learning"? – AviD Nov 17 '10 at 00:33
1

Btw, BizSpark rocks, but its not just a question of "answering the questions correctly". (See there "Who is eligible for BizSpark?"). – AviD Nov 17 '10 at 00:35
2

No. I never said or implied Windows is only useful for "exploitation learning". Windows is a great gaming platform! And wouldn't you agree most (all?) default Windows installations is the equivalent to running a vulnerable OS? – Tate Hansen Nov 17 '10 at 04:07
when you say default are you refering to a patched or unpatched system connected to the network/web? – Anonymous Type Nov 24 '10 at 02:44

score 1 · Answer 11 · edited Sep 26 '13 at 12:17

1

Hi just on the following of "vulnerable" VM's I have a great resource for you guys just thought id pop it on here. It's called VulnHub.

edited Sep 26 '13 at 12:17

Adi

43,808
16
135
167

answered Sep 26 '13 at 11:08

user31267

21
1

A bit more detail would be nice but it seems like a good resource... – NULLZ Sep 26 '13 at 12:15

Vulnerable OS's?

11 Answers11

Linked

Related