We’ve all been there before, having to do a demo to show the dangers of not patching, or insecure operating systems, and then spending ages configuring a vulnerable host for the demo. Or even just wanting to set up a host so that you can better familiarize yourself with Metasploit, it takes a while to build a vulnerable machine, in my experience it actually always seems to take me longer to build an insecure machine than a secure one.
The crew over at Metasploit recently released Metasploitable, which is an Ubuntu 8.04 server install as a VMWare image, it includes a number of vulnerable packages, such as tomcat, mysql, tikiwiki, and others.
This is definetely a move in the right direction if you ask me, as this is just the type of thing that I’ve been looking for, as this is going to save me hours of time, and will be perfect for a lot of my presentation needs, and will also help me to train others up on the many facets of Metasploit.
For more info on Metasploitable, read the Metasploit blog post here.
To download the torrent directly, you can get it from here.