May 26, 2017, 03:36:56 PM
Welcome, Guest. Please login or register.

You Did *NOT* Just Win a Nigerian Lottery...

Author Topic: How to make my own linux vulnerable image (Scope Web, Network, Forensic, Malware  (Read 954 times)

Offline bakie

  • Prospect
  • *
  • Posts: 46
  • Internets: +0/-0
I made many practice for penetrate testing (aka pentesting) with various Vulnerable images or ISO like Metasploitable, pWnOS, Badstore, De-ICE and etc. After making a lot of exercises, I found a little trick for Web, Network and Forensic security flaws in real world. So I wanna also make challenges with my own vulnerable images like Metasploitable, pWnOS, Badstore, De-ICE and etc.. I intended vulnerable images for local pentesting with vmware or virtual box.

When I was googling for that, I cannot see resources for making vulnerable images (ISO/ Virtual image). I just found for download links that vulnerable images.

So, please guide to me how I can start for making my own linux vulnerable images. (Intended for Scopes Web, Network, Forensic, Malware but Individually dedicated for one scopes) ?

Just to clearify, my main question here is about for making my own linux vulnerable images. (Intended for Scopes Web, Network, Forensic, Malware but Individually dedicated for one scopes)

Thanks in advance
« Last Edit: April 13, 2015, 07:29:46 AM by GalaxyNinja »

Offline GalaxyNinja

  • Global Moderator
  • Elite
  • *****
  • Posts: 1711
  • Internets: +94/-0
  • My password is **********
Hey there bakie, I changed the topic icon to a question mark for ya.  ;)
Unfortunately I don't know how to make a vulnerable ISO, but hopefully someone else will be able to walk you through the steps.

Online Gingerbread Man

  • *High Tech Low-life*
  • Administrator
  • Elite
  • *****
  • Posts: 926
  • Internets: +93/-0
There is nothing magical about making "vulnerable" test VMs...

Even things not intended for testing can be considered vulnerable if they contain exploitable software or configurations...Old versions of operating systems loaded up with "freeware" are great places to start...Look for a patch...and get the version right before that...exploit the vuln(s) addressed in the patch...

Good places for older versions of software:

http://www.oldversion.com/
http://oldapps.com

The "Oh look I popped it" challenges can get old fairly quickly though...you need to mix it up so that folks cannot just do some banner grabbing and go to town...Creating the scenario...the back story...that is what makes interesting and rewarding challenges (IMO)...

Is this a CEOs computer? Is this a "Sales terminal" in the main lobby that just happens to be dual homed...Are all of the passwords names of comic book story lines? Go beyond Jeopardy-style...integrate a series of challenges into a narrative...

And for goodness sake...Include some lulz...Some of us can only do it when it is funny...;)
« Last Edit: April 13, 2015, 07:58:10 AM by Gingerbread Man »

Online Gingerbread Man

  • *High Tech Low-life*
  • Administrator
  • Elite
  • *****
  • Posts: 926
  • Internets: +93/-0
Oh and IMO, ISOs are a pain in the ass...Just make a VM and compress.

Offline bakie

  • Prospect
  • *
  • Posts: 46
  • Internets: +0/-0
Thank you very much for infos, when I made googling but there is no good tuto for that.
By the way, OVA is more compatible via platform.
If someone know about that, please help and post here.
« Last Edit: April 13, 2015, 08:19:26 AM by bakie »

Offline H4v0K

  • Administrator
  • Elite
  • *****
  • Posts: 1016
  • Internets: +986/-1
Why not just install the OS that u wan to make a Vuln OS out of,then export it to ova from Virtual Box or Vmware .

*example*
Install ubuntu iso into a vm like u regularly would then add what ever vulnerable software and so on . when done in the options export the vm and it will save to ova if i remember correctly..then all u do is share the ova :)