21

A few years ago we had that awesome Linux distribution called Damn Vulnerable Linux. But unfortunately it looks like the project is dead. So my question is: are there other Linux distributions which are meant to be hacked (explicitly with exploit development in mind)? Applications on the Windows platform for exploit exercises (like vulnerable server) would also be welcome. Thanks in advance.

mcgyver5
  • 6,807
  • 2
  • 24
  • 45
Dirk
  • 510
  • 1
  • 4
  • 16
  • What type of "hacking" are you interested in? Network, Web, and OS (binary) can have varying answers to your question. – Jordan Hanna May 15 '14 at 10:56
  • @JordanHanna Mainly I am interested in binary stuff. Network and Web are interesting too but I want to learn to do debugging and exploitation – Dirk May 15 '14 at 11:40
  • 1
    This may be a little off topic, but it is relevant in a way. The [Practical Malware Analysis](http://www.amazon.com/Practical-Malware-Analysis-Dissecting-Malicious/dp/1593272901) book has many amazing lab exercises, with well explained walkthroughs in the back. I know this is malware analysis, however many of these concepts overlap with exploitation analysis skills (debugging, reveng, code constructs in assembly, etc...). I would highly suggest it. – Jordan Hanna May 15 '14 at 14:56

5 Answers

25

Vulnhub is a collection of vulnerable distributions along with walkthroughs contributed by the community.

exploit-exercises.com provides a variety of virtual machines, documentation and challenges that can be used to learn about a variety of computer security issues such as privilege escalation, vulnerability analysis, exploit development, debugging, reverse engineering, and general cyber security issues.

PentesterLab has interesting exercises, some of them are about exploit development.

RebootUser has a lab that includes Vulnix, a vulnerable Linux machine; VulnVoIP, a relatively old AsteriskNOW distribution with a number of weaknesses; and VulnVPN, a VM on which you can practice exploiting the VPN service to gain access to the server and 'internal' services.

BackTrack PenTesting Edition lab is an all-in-one penetration testing lab environment that includes all of the hosts, network infrastructure, tools, and targets necessary to practice penetration testing. It includes: a DMZ network with two hosts targets, an “internal” network with one host target and a pre-configured firewall.

PwnOS is a Debian VM of a target on which you can practice penetration testing with the goal of getting root.

Holynix is a Linux VMware image that was deliberately built to have security holes for the purposes of penetration testing.

Kioptrix VM is targeted at the beginner.

Scene One is a pentesting scenario liveCD made for a bit of fun and learning.

Sauron is a Linux system with a number of vulnerable web services.

LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, PHP and MySQL security.

OSCP, OSCE, SANS 660 and HackingDojo are some of the paid courses that have good practical labs.

Hacking challenge websites can also provide challenges that are increasing in difficulty, fun and addictive. WeChall is a website that aggregates scores on other challenge websites and it has a category for websites with exploits.

CTF (Capture The Flag) events have challenges where you are required to exploit local or remote software. Most live events are available on CTFTime but there are repositories of past events and some CTFs are still available after the live event.

But for exploit development, I suggest installing vulnerable applications on your own computer where you could easily perform analysis. The application doesn't necessarily have to be a server or run on a different computer. Go to exploit-db and find old exploits there, then look for that version of the vulnerable software and start working on it. If you need hints, the actual exploit can point you in the right direction.

Cristian Dobre
  • 9,797
  • 1
  • 30
  • 50
  • 1
    About your suggestion: that's what I actually did, but isn't taking "hints from the (original) exploit" just like cheating, or being a copycat? I try to avoid that; that's also the reason I am searching for exercises and learning to do it on my own. – Dirk May 14 '14 at 18:15
  • 2
    I call it training, not cheating. And I call it research if you work on software that doesn't have public exploits. Go to this address http://download.cnet.com/new-windows-software/ for new software you can do research on. – Cristian Dobre May 14 '14 at 19:18
6

If you are interested in hacking web apps, check out the OWASP Hackademic Challenges. That sounds somewhat tangential to your interest, but I figured I'd mention it just in case.

gowenfawr
  • 71,975
  • 17
  • 161
  • 198
6

You can check out Metasploitable 1 & 2 from Rapid7!

executifs
  • 4,772
  • 4
  • 23
  • 25
  • Okay, with Metasploitable my only question would be: do the vulnerabilities differ in the different versions? – Dirk May 14 '14 at 13:18
  • @PolymathMonkey My understanding is that Metasploitable 2 includes the vulnerabilities of the first version. Quote from the official website: "Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image" – executifs May 14 '14 at 13:37
2

Web Security Dojo is an Ubuntu-based distribution for practicing web app security testing. It has all the necessary tools and documentation to get a beginner going.

Jor-el
  • 2,061
  • 17
  • 24
2

A lot of great links in here, but I didn't see any mentioning VulnServer, which is one of my personal favs. Old CTFs as someone mentioned are very good, as you usually can find the answer to verify (or if you get stuck).

Corelan tutorials are very good. I understand you don't want to just follow a tutorial, so I will tell you how I go about avoiding that myself. I tend to just read the intro to see what program they are exploiting and on what platform. Then I attempt to fuzz and exploit it myself, and use the tutorial for when I get stuck or want to verify my results (also to get further insight and tips into the process for that vuln).

Snort had something as well called Advanced Windows Buffer Overflow (AWBO). It requires Windows 2000 SP4 for the platform, but other than that they are quite good and you can find tutorials around the net for them in case you get stuck.

Jordan Hanna
  • 378
  • 2
  • 5
  • Thanks for that advice, I also like VulnServer the most, and the Corelan tutorials are awesome for getting a better understanding. The Snort AWBO stuff also sounds great but I have not had the time yet to dig deeper into that. – Dirk May 15 '14 at 11:43
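The "fuzz it yourself before reading the tutorial" approach in the answer above, as an added example that is not part of the original answer: a length-based TCP fuzzer of the kind people point at practice targets such as VulnServer, paired with a constructed in-process mock target so the whole thing runs offline. The mock's HELLO command and its 2100-byte breaking point are assumptions for the demo, not VulnServer's real protocol; against a real target you would pass the VM's address and port to fuzz() and watch the process in a debugger while it runs.

```python
import socket
import threading

# Constructed parameters for the offline demo (assumptions, not Vulnserver's real
# protocol): the mock target understands one command, "HELLO <arg>", and "crashes"
# once <arg> exceeds MOCK_CRASH_LEN bytes.
MOCK_COMMAND = b"HELLO "
MOCK_CRASH_LEN = 2100


def _read_line(conn):
    """Read from conn until a newline arrives or the peer closes."""
    buf = b""
    while b"\n" not in buf:
        chunk = conn.recv(65536)
        if not chunk:
            break
        buf += chunk
    return buf


def mock_target(listen_sock, crash_len=MOCK_CRASH_LEN):
    """Constructed stand-in for a vulnerable service, run in a background thread.

    Handles one client at a time: replies b"OK\\n" to any command, but simulates
    a crash (drops the client, stops listening, returns) when the HELLO argument
    is longer than crash_len bytes.
    """
    while True:
        try:
            conn, _ = listen_sock.accept()
        except OSError:            # listener closed: the "process" is gone
            return
        with conn:
            line = _read_line(conn)
            if line.startswith(MOCK_COMMAND):
                arg = line[len(MOCK_COMMAND):].rstrip(b"\r\n")
                if len(arg) > crash_len:
                    listen_sock.close()   # simulate the process dying
                    return
            conn.sendall(b"OK\n")


def start_mock_target(crash_len=MOCK_CRASH_LEN):
    """Bind the mock target on an ephemeral loopback port and return that port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=mock_target, args=(srv, crash_len), daemon=True).start()
    return srv.getsockname()[1]


def fuzz(host, port, prefix=MOCK_COMMAND, start=100, step=200, limit=5000, timeout=3.0):
    """Length-based fuzzer: send prefix + b"A" * n for growing n.

    Returns the first n for which the target gave no reply (connection refused,
    reset, timed out, or closed without answering), or None if the target
    answered every payload up to limit. The step is deliberately coarse; once a
    crash is found you bisect between the last good and first bad length.
    """
    n = start
    while n <= limit:
        payload = prefix + b"A" * n + b"\n"
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.sendall(payload)
                if not s.recv(16):          # clean close with no reply
                    return n
        except OSError:                     # refused, reset, or timeout
            return n
        n += step
    return None


if __name__ == "__main__":
    port = start_mock_target()
    hit = fuzz("127.0.0.1", port)
    if hit is None:
        print("target survived every payload")
    else:
        print(f"no reply at argument length {hit}; bisect between {hit - 200} and {hit}")
```

With the defaults the payload lengths are 100, 300, ..., 2100, 2300, so the mock answers through 2100 bytes and the fuzzer reports 2300 as the first silent length; the real work then is attaching a debugger to the target, narrowing the length, and replacing the A's with a cyclic pattern to find which bytes land in the saved return address.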