First, there were DVWA and the recently released Jarlsberg. These were vulnerable web applications. Now, the makers of the most famous and free penetration testing tool have brought us Metasploitable, a VMWare image that contains a number of vulnerable packages.
Getting to the details, Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image, that contains applications that are waiting to be exploited including Apache Tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. All you need to do is run it with any VMWare product that can run a server image and start your war games. To be precise, it has installations that run on their own pre-defined ports – ftp, ssh, telnet, smtp, dns (UDP & TCP), http, netbios, smb (on 139/TCP and 445/TCP), mysql, distccd, postgres. That is a lot of work to do. You can even bruteforce any of these services with the newly released Metasploit 3.4.0.
If you own a license to the Metasploit Express, you can download directly via HTTP after logging in to your customer center panel. If you are not, you will have to download it using your favourite Torrent client. A download link for the torrent can be found here.
Searches leading to this post:
metasploitable, Metasploitable download, metasploitable iso, metasploitable login, download metasploitable, metasploitable tutorial, metasploitable iso download, metasploitable vm download, vulnerable server, metasploitable torrent, metasploitable xp, vulnerable vmware images, dns server metasploitable
Comments on this entry are closed.