Wednesday, March 14, 2012

Set up your environment for security testing

If you do not have any old Windows XP CD, you can try to download the Federal Desktop Core configuration (FDCC) image from NIST.

For Windows XP, here are the download links:

http://nvd.nist.gov/download/FDCC-Q4-2009/FDCC_IMAGES/XP-Q4-2009/XP_NIST_FDCC_Q4_2009.zip

http://nvd.nist.gov/download/FDCC-Q4-2009/FDCC_IMAGES/XP-Q4-2009/XP_NIST_FDCC_Q4_2009.z01

http://nvd.nist.gov/download/FDCC-Q4-2009/FDCC_IMAGES/XP-Q4-2009/XP_NIST_FDCC_Q4_2009.z02

http://nvd.nist.gov/download/FDCC-Q4-2009/FDCC_IMAGES/XP-Q4-2009/XP_NIST_FDCC_Q4_2009.z03

The username / password scheme for the Image is:

Renamed_Admin / P@ssw0rd123456

http://www.offensive-security.com/metasploit-unleashed/Metasploitable

Metasploitable is a VMware based virtual machine running Ubuntu 8.04 server. A number of vulnerable services have been included, some of which are an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older version of mysql server.

http://think-security.com/metasploitable-your-first-training-ground/

Here are some of the credentials that you can use to access it:

msfadmin:msfadmin

user:user

service:service

postgres:postgres

klog:123456789

Posted by at

2 comments:

  1. AnonymousMarch 30, 2012 at 8:10 PM

    Hi,

    On which OS metasploit works better, Windows, or Linux.

    If Linux then is it possible to download vulnerable FDCC XP images on it?

    Thanks,
    Sun

    ReplyDelete
  2. michael xinApril 17, 2012 at 1:38 PM

    I did not try metasploit on Windows. I have been using BackTrack with Metasploit installed. It is linux and I like it.

    If you run it on Linux. You can download FDCC XP images and create a virtual machine without any problem.

    ReplyDelete

Subscribe to: Post Comments (Atom)