Re: a "good" vulnerability for educational purposes

---

• From: "Kelly Keeton" <kellyrkeeton@xxxxxxxxx>
• Date: Mon, 18 Aug 2008 13:55:27 -0700

---

Also there are Live Cd's with things your looking for...

http://de-ice.net/
http://www.damnvulnerablelinux.org/

no so but some...

http://www.owasp.org/index.php/Category:OWASP_Live_CD_Project


On Mon, Aug 18, 2008 at 12:07 PM, Andre Amorim <decouk@xxxxxxxxx> wrote:

Dear Trajce,
My suggestion is ...
Download some old softwares with bugs.
https://www.securinfos.info/old_softwares_vulnerable.php

then use metasploit to exploit it.
Also there is a nice intro tutorial here showing how to write a
exploit with metasploit framework.
http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit


All the best,
Andre Amorim
GnuPG KEY: 2048R/3E10FF47
Download:
http://pgp.zdv.uni-mainz.de:11371/pks/lookup?op=get&search=0x7C3B77763E10FF47

2008/8/18 <dimkovtrajce@xxxxxxxxx>:

Hi,

Our goal is to teach master students in computer security in pen testing remote servers.

As an exercise we want to introduce a vulnerability in IIS or Apache (or any other place you might suggest)which is recognizable with current vulnerability scanners(ex.nessus), but requires some coding/payload generation to exploit the vulnerability.

I am considering bugtracq, but there are many vulnerabilities there which i can not filter with the requirements above.

Can you point me to any "good" vulnerability for this purpose?



Regards,
Trajce


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: a "good" vulnerability for educational purposes
    • From: eldraco
  • Re: a "good" vulnerability for educational purposes
    • From: Jorge L. Vazquez

• References:
  • a "good" vulnerability for educational purposes
    • From: dimkovtrajce
  • Re: a "good" vulnerability for educational purposes
    • From: Andre Amorim

• Prev by Date: Re: a "good" vulnerability for educational purposes
• Next by Date: Re: After getting the alerts generated by IDS how we distinguish true positive.false positive and false negative.
• Previous by thread: Re: a "good" vulnerability for educational purposes
• Next by thread: Re: a "good" vulnerability for educational purposes
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: setting up a lab ... Securing Web Applications ... Get 45 Min Video and PPT Slides ... (Pen-Test) Re: How to get the list of domain admins ... Top 5 Common Mistakes in Securing Web Applications ... Get 45 Min Video and PPT Slides ... (Pen-Test) Questionable Security Policy [WAS: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]] ... Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video ... and PPT Slides ... (Pen-Test) Re: Pen Testing Companies in Germany & England ... Securing Web Applications ... Get 45 Min Video and PPT Slides ... (Pen-Test) Re: Kismet and Nokia 770 ... Securing Web Applications ... Get 45 Min Video and PPT Slides ... (Pen-Test)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > pen-test  > 2008-08