Vulnerable Platforms for Practicing Pen Testing

In a series of previous posts, I built a virtual Windows domain and a virtual DMZ which hosted a screened subnet. The point of the exercise was to build a network of servers and firewalls from the ground up. Once built the network could then be configured as required to test various penetration attacks, security audits or any other relevant testing scenarios you might want to create.

Of course while it was good practice, it wasn’t completely necessary to build the network. There are a whole host of vulnerable platforms that have been built with deliberate flaws in their configuration or in the services running on them. Generally the ultimate goal of most of the platforms is to break into the server and gain root access or to access sensitive files on the server. To do so you need to use various tools and gain a certain level of expertise.

I’m going to focus on three well known versions of these deliberately vulnerable platforms. I’m going to go through the De-ICE, pWnOS and Kioptrix servers.

First up is De-ICE 100. I’ll post the methods and tools I used to break into this system in the coming days.

If you have cracked these systems and see improvements in what I am doing, used different tools or reached the end-point in a different way. Please contact me as I post my work and share your thoughts…


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s