Can anyone provide a good list of resources to learn network penetration testing? I am specifically looking for those having hands on exercises (kind of virtual labs/ISOs) which are free. I know web-apps like Mutillidae or even Google Gruyere are good resources for learning pentesting but these are good for web-app pen-testing. I am specifically searching for Network Pen-testing exercises. Thanks a lot!
Asked
Active
Viewed 1.2k times
7
-
2"Penetration Testing Practice Lab - Vulnerable Apps / Systems" http://www.amanhardikar.com/mindmaps/Practice.html – Tate Hansen Jan 21 '15 at 04:37
6 Answers
7
Check out the following:
- Metasploitable - The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities.
- Metasploitable 2 - The Metasploitable virtual machine version 2.
- Damn Vulnerable Linux - Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software.
Edit: Fixed url to Metasploitable
Ajaxasaur
- 466
- 2
- 7
-
Thnx for the distros! The metaspoitable link is actually contains URL for metasploitable 2. Do you have the URL for Metasploitable (1) – TheRookierLearner Jan 06 '14 at 15:25
-
1
2
Check out https://www.hacking-lab.com. They have a distro setup for the challenges they run
Good sources of info http://www.ethicalhacker.net and Security Tube
If you want resources to work on at home then download Kali Linux (install it, don't run it as a vm or cd/usb iso), Damn Vulnerable Linux, Damn Vulnerable Web App, VM-Ware/ Virtuabox and dig out a copy of XP.
As a minimum, you need to learn how to use NMap, Wireshark & Metasploit though you can cheat a little with Metasploit and use Armitage instead.
If I can find any further good links tonight, i'll post them.
AndyB
- 86
- 3
0
There are many ways to achieve this and I would suggest a way to gain knowledge related to security, gain knowledge and skill up with tools and so on.
Go to the OWASP Testing Guide it covered all the testing areas and vulnerabilities so start reading it and practice with the given tool for each testing.
For an example let's say Testing for SQL Injection (OTG-INPVAL-005) under 4.8 Input Validation Testing so you can read about SQL Injection how it works and so on and then it shows How to Test also it provides Tools so use them for real world bug bounty programmes, ask questions online, take notes and in the end you KNOW and have PRACTICED something about SQL Injections go one by one in the end you will know the standard Pen-testing list.
mapmalith
- 141
- 7
0
The folks in offensive security are offering great course in infrastructure Pentesting check it out at: http://www.offensive-security.com/information-security-training/penetration-testing-with-kali-linux/
The course is comprehensive and will help you do real practice in their online labs, plus that its affordable.
I have some friends tried it and they are very happy with it.
daprof
- 1
0
Hope these helps,
Books :
- Kali Linux Cookbook
- Metasploit Penetration Testing Cookbook
- Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab
Video :
- Security Tube Metasploit Free :D
- Security Tube WLAN Free :D
P.S. The more you explore the more your learn. If you have the desire you will find the luck.
LohithaPerera
- 1
- 1
0
The best would of course be http://www.hackthissite.org/
It provides you with a lot of "missions".
Jatin Nagpal
- 98
- 9