Autor
Citar
First, there were DVWA and the recently released Jarlsberg. These were vulnerable web applications. Now, the makers of the most famous and free penetration testing tool have brought us Metasploitable, a VMWare image that contains a number of vulnerable packages.
Getting to the details, Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image, that contains applications that are waiting to be exploited including Apache Tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. All you need to do is run it with any VMWare product that can run a server image and start your war games. To be precise, it has installations that run on their own pre-defined ports – ftp, ssh, telnet, smtp, dns (UDP & TCP), http, netbios, smb (on 139/TCP and 445/TCP), mysql, distccd, postgres. That is a lot of work to do. You can even bruteforce any of these services with the newly released Metasploit 3.4.0.
Getting to the details, Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image, that contains applications that are waiting to be exploited including Apache Tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. All you need to do is run it with any VMWare product that can run a server image and start your war games. To be precise, it has installations that run on their own pre-defined ports – ftp, ssh, telnet, smtp, dns (UDP & TCP), http, netbios, smb (on 139/TCP and 445/TCP), mysql, distccd, postgres. That is a lot of work to do. You can even bruteforce any of these services with the newly released Metasploit 3.4.0.
+info: http://blog.metasploit.com/2010/05/introducing-metasploitable.html
En línea
