Lab Setup

If you are serious about pen testing you need somewhere to practice your skills. Many courses now provide a lab that you can pay to access for a certain period. Of course this is great, but you can always build your own lab.

In order to build your own lab you need a half-decent computer that can run multiple virtual machines. I would say any PC or laptop that has at least 4GB of RAM should be enough to start off with.

The type of lab you have really does depend on what area you wish to focus on. Mine contains a mixture of web and network based virtual machines. These are all stored on an HP N40L mini server running ESXi. There are many great resources for building a lab; this post will mainly provide links to resources and help you get set up with a lab in no time at all.

Complete OS
Name: Damn Vulnerable Linux
Homepage: http://www.damnvulnerablelinux.org/

Name: De-ICE
Homepage: http://heorot.net/livecds/ or http://www.de-ice.net
Notes: There are also some others that are not listed above, but you can find them with a Google search.

Name: Hackademic
Homepage: http://ghostinthelab.wordpress.com/

Name: Kioptrix
Homepage: http://www.kioptrix.com

Name: Metasploitable
Homepage: http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Name: pWnOS
Homepage: http://forums.heorot.net/viewtopic.php?f=21&t=149

Offline Web sites

Name: Damn Vulnerable Web App
Homepage: http://www.dvwa.co.uk/

Name: Hacme
Homepage: http://www.mcafee.com/us/downloads/free-tools/index.aspx

Name: Moth
Homepage: http://www.bonsai-sec.com/en/research/moth.php

Name: Mutillidae
Homepage: http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

Name: OWASP WebGoat
Homepage: http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

There are also online sites. For a more complete list visit g0tmi1k's blog, as he has done an excellent job of listing them all: http://g0tmi1k.blogspot.co.uk/2011/03/vulnerable-by-design.html

Another new site is https://hack.me/. This is an online website where you get your own sandbox to practice in. The great thing about this is that if you are a developer you can build challenges for others to attempt.

There are also many books that provide detail on setting up a lab:
Professional Pentester by Thomas Wilhelm goes into great detail about labs.
Advanced Penetration Testing for Highly-Secured Environments by Lee Allen also covers labs and adds additional open source components like pfSense to the mix.
