Metasploitable
Metasploit recently released version 3.4.0 of the Framework with many improvements and new exploits and a new commercial product, Metasploit Express. Today, they followed that up with a VM image that can be used as an exploitable practice target.
Introducing Metasploitable – [metasploit.com]
Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.
You can use most VMware products to run it, and you’ll want to make sure it’s configured for Host-only networking unless it’s in your lab – no need to throw another vulnerable machine on the corporate network. It’s configured in non-persistent-disk mode, so you can simply reset it if you accidentally ‘rm -rf’ it.
Metasploit – Penetration Testing Resources – [metasploit.com]
2010-05-18: Metasploit Framework 3.4.0 Released
Version 3.4.0 of the Metasploit penetration testing framework has been released, encompassing major improvements to the Meterpreter payload, an expansion of the framework’s brute force capabilities, and the complete overhaul of the backend database schema and event subsystem. In addition, more than 100 new exploit modules and over 40 auxiliary modules have been added since version 3.3. The full release notes are online.2010-05-18: Metasploit Express Now Available
Metasploit Express, an easy to use penetration testing product based on the Metasploit Framework, is now available for purchase and evaluations. Metasploit Express delivers a full graphical user interface, an advanced penetration testing workflow engine, automated exploitation capabilities, native integration with nmap and Rapid7 NeXpose, complete user action audit logs, and configurable reporting. Additionally, Metasploit Express is fully supported by Rapid7 security and support specialists as well as the large and growing Metasploit community.
SEE ALSO:
Metasploit Roundup
Metasploit
Meterpreter
