There are intentionally vulnerable virtual machines that
security professionals use to practice penetration testing trainings, conduct
security trainings and test out tools and exploits. These virtual machines are
best for honing your skills as the most basic vulnerabilities are available for
you to discover and exploit giving you confidence and experience at finding
them.
Metaploitable 2
Metasploitable is am Ubuntu Linux virtual machine. This is
number 1 on my list because it allows you to learn from basics to advance on
both infrastructure penetration testing and web penetration testing with
Mutillidae and DVWA pre-installed.
You can find the VM here
Good thing about Metaploitable is that it will use the least
amount of your computer’s resources with 512MB of RAM and 8GB of HDD leaving
you more room for more VMs’ running at the same time.
Go ahead download the VM and get it ready to run.
Note that, by default, there are 2 network adapters
installed on the VM. Remove the 2nd network adapter and change the
first one from NAT to VMNet1 (Host Only) so that it is in the network as your
attacker machine.
Hackxor
This is designed as a game where you have to gain root
access to the system through the progressing the game story. This is focused on
web application hacking.
You can find the VM here
There are hundreds of other vulnerable VMs available out there which have not been mentioned. Because all you need to get started is Metaploitable and Hackxor. After mastering these two, you will have enough experience to go on and pwn machines solo :)
-Jayesh Kerai (@secjay)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.