Exploitable Virtual Machines zum trainieren

[S3M73X]

Hier sammeln wir Links zu saemtlichen Wargame-LiveSystemen oder virtuellen Maschinen an denen man Angriffe ueben kann.

Metasploitable
Gilt fast schon als Standard in dem Bereich. Informationen findet man auch im MSFU-Kurs:
http://www.offensive-security.com/me...urity_Training
http://blog.metasploit.com/2010/05/i...ploitable.html


Ansonsten gibt es noch eine umfangreiche Liste von g0tmilk:
http://g0tmi1k.blogspot.com/2011/03/...by-design.html

Eine vulnerable Image von der Uni Marburg welches hauptsaechlich Web-Schwachstellen hat. (thx2pigtail)
http://ds.mathematik.uni-marburg.de/~lbaumgaertner/vulnimage.zip

Weitere Liste mit einigen interessanten Distributionen dafuer:
http://bailey.st/blog/2010/09/14/pen...ications-list/

Kioptrix
http://www.kioptrix.com/blog/?page_id=135

hackxor

I'd like to introduce hackxor, a webgoat-like hacking game with a plot
and an emphasis on realism, difficulty and actually exploiting
vulnerabilities. It uses the amazingly nifty HtmlUnit to simulate other
users, so you can write your own XSS/CSRF payloads. While the complete
version is a VM image that has to be downloaded&installed aka DVWA, the
first two levels can be played online, as SourceForge is bravely hosting
them at http://hackxor.sourceforge.net/

It contains XSS, CSRF, SQLi, ReDoS, DOR, command injection and plenty of
other vulnerabilities that don't have succinct acronyms. Sadly, due to
time constraints there aren't any timing or entropy attacks (although
you'll have a self-inflicted time-limit if you mess up the ReDoS).
Still, I think the later levels will be difficult enough for nearly
everyone to have a challenge.

[m-1-k-3]

am Ende der Seite: http://www.s3cur1ty.de/metasploit-hacking-websites

have phun