lunes, 14 de marzo de 2011

Penetration Testing - Vulnerable - ISO

Adjunto una relación de imagenes para penetration Testing, se pueden montar sobre VMWare o VirtualBox y practicar (Si veo mas las ire añadiendo):

Holynix is an Linux distribution that was deliberately built to have security holes for the purposes of penetration testing.
The object of the challenge v1 is to gain root level privileges and access to personal client information.
Register on the forums to receive an email update when a new challenge is released.

WackoPicko Vulnerable Website
WackoPicko is a website that contains known vulnerabilities. It was first used for the paper Why Johnny Can't Pentest: An Analysis of Black-box Web Vulnerability Scanners.

The PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.

Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image.
One of the questions that we often hear is "What systems can i use to test against?" Based on this, we thought it would be a good idea throw together an exploitable VM that you can use for testing purposes. Vulnerable Web App: Vulnerable Web app designed as a learning platform to test various SQL injection Techniques This is a fully functional web site with a content management system based on fckeditor. You can download it as source code or a pre configured

Badstore: is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.

Virtual Hacking Lab (pentoo):
A mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats.

PwnOS is an operating system being written from the ground up to be ideal for making the most of resource-rich dedicated server systems.
The most significant section of the project is to create a core (kernel) that is designed to be best suited for servers (e.g. usually one process with many threads of varying priorities). Much (highly-regulated) assembly language and some C is used here to increase the performance and decrease bloat potential, (because to code this in assembly, it's ESSENTIAL to have excellent, lean code design).
Development of PwnOS will be switching to be done with PwnIDE once PwnIDE reaches version 0.2.4. Development so far has been done with RadASM and MASM32 for assembly, and Dev-C++ and MinGW for C/C++. Documentation is produced with Natural Docs. Custom linking is done with a utility called JLOC, and drive image writing is done with various utilities.

Damn Vulnerable Linux (DVL):
Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software, began life as a training system used during the author's university lectures. Its primary goal is to design a Linux system that is as vulnerable as possible -- in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shell code development, web exploitation, and SQL injection.

Damn Vulnerable Web App (DVWA):
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
- Testing Web Application Security Scanners
- Testing Static Code Analysis tools (SCA)

- Giving an introductory course to Web Application Security

This is the Hacking-Lab LiveCD project. It is currently in beta stadium. The live-cd is a standardized client environment for solving our Hacking-Lab wargame challenges from remote. A valid OpenVPN connection is required for accessing the Hacking-Lab server infrastructure. Do you feel like being a beta-tester? Yes? Please make yourself familiar with the the full beta-tester programm where you find everything required to start using Hacking-Lab Remote.

OWASP Broken Web Applications Project:
Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost VMware Player and VMware Server products (along with their commercial products).

LAMPSecurity Training:
LAMPSecurity training is designed to be a series of vunlerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.

Web Security Dojo:
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo.
The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Updated 12/06/2011

The OWASP Hackademic Challenges project implements realistic scenarios with known vulnerabilities in a safe, controllable environment. Users can attempt to discover and exploit these vulnerabilities in order to learn important concepts of information security through the attacker's perspective.

They have been especially designed for use in a classroom environment where they have been proved a valuable educational tool. Using OWASP Hackademic Challenges project students have the chance to experience application security in a realistic environment, something that triggers their interest and provokes a lot of interesting discussions.


Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc

Client attack simulation using HtmlUnit; no alert('xss') here.
Smooth difficulty gradient from moderately easy to fiendishly tricky.
Realistic vulnerabilities modelled from Google, Mozilla, etc (No rot13!)
Open ended play; progress by any means possible.
Updated 27/07/2011

Want to beat the hackers at their own game?Learn how hackers find security vulnerabilities! Learn how hackers exploit web applications! Learn how to stop them!
This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application. Specifically, you'll learn the following:

How an application can be attacked using common web security vulnerabilities, like cross-site scripting vulnerabilities (XSS) and cross-site request forgery (XSRF).
How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as denial-of-service, information disclosure, or remote code execution.

To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general knowledge of HTML, templates, cookies, AJAX, etc.).

Updated 28/07/2011

SWEET (Secure WEb dEvelopment Teaching) is a set of portable teaching modules for secure web development. SWEET features eight teaching modules, six project modules and a virtualized web development platform that allows instructors to conduct hands-on laboratory exercises. The purpose of this project is to enhance the learning experience of computing students through standardized teaching modules and environment in secure web development. We have adopted this teaching tool to introduce web security concepts in both undergraduate and graduate courses. Each SWEET teaching module will be enough for a three-hour class containing lecture materials and hands-on laboratory exercises that are relevant to the contents in the lectures.

Updated 15/05/2012
On Null Byte Poisoning and XPath Injection:

From Spiderlabs Blog:
Recently I released a tool called XMLmao, a configurable testbed for learning to exploit XPath injection flaws, developing new attack techniques for XPath injection flaws or simulating real-world XPath injection scenarios, similar to SQLol. Among other features, it has challenge scenarios which give you a set of pre-configured options and an objective to complete. As of recently, I've begun to write tutorials for each challenge which will be distributed with their respective testbeds.

Updated 26/01/2014

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares to conduct successful penetration testing and ethical hacking projects.

What makes bWAPP so unique? Well, it has over 60 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project.

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux, Windows and Mac with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.
Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.

Download our What is bWAPP? introduction tutorial, including free exercises...

bWAPP is for educational purposes. Education, the most powerful weapon which we can use to change the world.
Have fun with this free and open source project!

Cheers, Malik Mesellem

1 comentario:

  1. This is great! thank you for writing this list. very useful...