Re: Attack Server



Another good vm for pre-configured web apps is the OWASPBWA (it
includes DVWA). You might check that out.

http://code.google.com/p/owaspbwa/

-Terry


On Wed, Sep 8, 2010 at 9:51 AM, TAS <p0wnsauc3@xxxxxxxxx> wrote:

Hey Kurt,

I end up responding to most of your emails :)

If you are also looking at setting up vulnerable web applications in the lab then have a look at a comprehensive list complied at

Http://securitythoughts.wordpress.com

TASQ



On Sep 8, 2010, at 20:34, "Kurt M. John" <kurt.md.john@xxxxxxxxx> wrote:

Hey Guys,

I got another one for you. I'm looking to create a combination
attack/testing server. The idea here is to have a server than can
perform remote analysis and attacks (and perform such services as tftp)..
The server will also double as a testing server. Ideally I'd like to
have a few VMs on there such as Damn Vulnerable Linux (for training) and
Windows Server 2003 (for fine-tuning attacks before launching it against
client systems).

Currently the server has the following hardware specs: 4gigs of ram and
1TB of space.

If you guys have any suggestions or links/documents which offer a good
setup for what I described that would be great.

Initial software I'm thinking includes:

Windows Server 2003
VMWare Workstation
     Helix     Backtrack4     Damn Vulnerable Linux     Windows XP, 7


Thanks Guys

Kurt M. John, CISA, C|EH, CPT
http://www.applisoft.net





------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------