
Best Linode Distro for Demonstrating Exploits?

2020-10-28 by: Dan Mailman
From: Dan Mailman 
------------------------------------------------------
  I'm looking for the best linode distro for demonstrating security
exploits.

This URL shows the Linux Distributions available on Linode.

https://www.linode.com/distributions/

I have to do a school project to demonstrate successful and
thwarted exploits.

This is the exploit list:

1. SQL Injection (SQL and NoSQL)
2. Denial of Service
3. Exploiting Unpatched Services / DB Vulnerabilities
4. Brute-Force Cracking
5. Exploiting Unused/Unnecessary Database Services
6. Unencrypted Sensitive Data At-Rest and In-Motion
7. Buffer Overflows


Any advice on distros or other resources would be appreciated.

-Dan

===============================================================
From: Nick Smith
------------------------------------------------------
Kali will have everything you need and then some.

===============================================================
From: Dan Mailman
------------------------------------------------------
Hi Nick,

Thanks for your quick response!

Unfortunately, kali is not on the distro list for linode.

If you get a chance to look through the linode distro list from the URL I posted, please let me know?

Best,
Dan

===============================================================
From: Stephen Haywood
------------------------------------------------------
Your best bet is to pick a distro you are familiar with and install vulnerable software on it. You will have to manually install the software because the package manager will have the fixed versions.

Take a look at the following:

Metasploitable on Ubuntu: https://www.thomaslaurenson.com/blog/2018/07/03/metasploitable3-building-the-ubuntu-linux-version/
Damn Vulnerable Web App: http://www.dvwa.co.uk
OWASP Juice Shop: https://owasp.org/www-project-juice-shop/

You can look for particular exploits on ExploitDB https://www.exploit-db.com and download the vulnerable software as well.

Thanks,
Stephen

--
Stephen Haywood
OSCP, OSCE
423.305.3700