Disclaimer:
The contents of this blog are meant for defensive purposes only. By testing in a controlled environment, security students and professionals can educate themselves LEGALLY. The contents of this blog are meant for educational purposes. Anything used outside of your scope of permissions is likely to be illegal.
Setup:
- Download VMware player
- This is just my personal preference for running VMs
- VMware Player is free for personal use
- Remember to enable virtualization via BIOS settings if you haven’t already!!
VM Note: Since most run multiple VMs on the same physical box, you may want to use a “Bridged” connection. This means that the VM is treated as its own physical box on the network, with its own IP address (as opposed to sharing an IP with the host box). See below:
Offensive platforms:
- Kali Linux
- A distro based on Debian, loaded with a bunch of popular tools for pen testing and forensics
Vulnerable platforms:
- Metasploitable 2
- All around great for learning web app vulns, service vulns..a bit of everything.
- Web For Pentester
- Has a lot of great basic web application and database vulns to test
- CySCA2014-in-a-Box
- Contains challenges used in Cyber Security Challenge Australia 2014
Mobile
- Genymotion free version for android device virtualizaiton, alternative to AVD
- Android-sdk
- Includes Android Virtual Device (AVD) and Android Debug Bridge (ADB)
- OWASP GoatDroid Project – vulnerable Android application platform
Misc.
- Exploit-db.com
- Datalossdb.org
- Password lists, compiled by SkullSecurity
- My GitHub
Pingback: Social Engineering Toolkit (SET) Shell Reverse_TCP via Spoofed Web Page | lightsec
Pingback: SSH dictionary attack with Hydra-gtk | lightsec