Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

List of deliberately insecure images?

itchyfish (20104) writes | about 7 years ago

Security 3

itchyfish (20104) writes "Does anyone know of a good source of deliberately insecure OS images, preferably for VMWare? Googling didn't help much. I'd like to set up a testing lab for some people to practice pen testing, ethical hacking, etc. Of course I could build a bunch of images with specific 'holes' in them myself, but I'm lazy (or smart depending on your point of view) and don't want to do it if someone else has already done so."

cancel ×


Sorry! There are no comments related to the filter you selected.

Honeypot (1)

HTH NE1 (675604) | about 7 years ago | (#20563027)

I believe the term you're reaching for is "honeypot". You're looking to deploy honeypots and are looking for prebuilt installation images to install.

I don't have an answer other than to install Windows and never use Windows Update.

Build your own (1)

HomelessInLaJolla (1026842) | about 7 years ago | (#20563299)

Honeypots are nice because the software documentation will lead to the software which (attempts to) exploit(s) them. This is important because there are many bug reports but relatively few working exploits. If one is looking to distribute an insecure OS to unknowing recipients it is (usually) important to know how to exploit the insecurities (unless the recipients themselves are the honeypot). Once the susceptible releases of targettable, exploitable packages are known it is straightforward to create a distro including them. Working with d-i or LFS is a good way for a user, one who is competent with the installation of a GNU/Linux OS, the compiling of kernels, and the usage of CDs as a storage medium, to familiarize themselves with a useable method.

I have seen (at least) one distro which was tailored for insecurity and exploit testing. I cannot provide a link so I may be lying.

Re:Build your own (0)

Anonymous Coward | about 7 years ago | (#20566581)

I cannot provide a link so I may be lying.
Just like all your other posts. Regardless, the submitter isn't asking about Linux anyways.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>