Penetration Testing: Re: setting up a lab

[Claudio Criscione <blackfireml () securenetwork it>]

On Sunday 07 September 2008 19:07:04 Michael Kitange wrote:
> hi guys,
> i am looking for tips on creating my own pen-test lab. i've got two
> computest. one xp and the other one zenwalk. i've got a router
Hello Micheal
 I think you're going the wrong way on this one. It actually depends on what 
you're going to test, but as long as you're not going to test kernel level 
stuff (which, I'm told, is not working as it should under a virtual 
environment) you should definitly go for virtualization. Choose one of the 
machines (or both) and install Ubuntu server or any other lightweight server 
distribution with VMware/anyvirtualstuff support, then install every OS as a 
virtual machine. It will save you time and you will be able to run more OSes 
at once.

> i'd also like to know what tools should i use to test and some good
> vulnerable servers. i'm currently downloading backtrack3. 
Well, you should start with some old Win and Linux versions, but it really 
depends on what you are going to test. If you're more into the web 
application stuff, it's quite easy to find vulnerable ones: just look for old 
versions.
Should you prefer more old-style hacking, try with 
https://www.securinfos.info/old-softwares-vulnerable.php (went through this 
list some time ago).


-- 
Claudio Criscione

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------