EH-Net

Ethical Hacking Discussions and Related Certifications => Network Pen Testing => Topic started by: dtoliaferro on February 17, 2010, 06:55:53 PM



Title: Vulnerable Software Repository?
Post by: dtoliaferro on February 17, 2010, 06:55:53 PM
Hi, I'm new to ethical hacking/penetration testing and I was wondering if there's anything like a repository for vulnerable application source code.

I'd like to practice compiling the sources of vulnerable software and try running exploits on them.

Thanks


Title: Re: Vulnerable Software Repository?
Post by: chrisj on February 17, 2010, 08:15:25 PM
This thread (http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5043.msg25117/topicseen,1/#new) might have some of what you're looking for. It'll also give you some ideas.

Milw0rm has some of the exploits you can compile yourself, but might not be what you're after.



Title: Re: Vulnerable Software Repository?
Post by: dtoliaferro on February 17, 2010, 08:33:42 PM
Hey chrisj, thanks for replying.

The resource you linked to is very cool, and I'll definitely be looking into it. Thanks a lot!

Though, I guess what I'm looking for is a software database to go along with exploits. From my limited experience in searching for vulnerable software I've noticed that vendors seem to omit them, or only offer a patched version in the download links.

I'll just keep Googling until I find a vulnerability + exploit combination that works.


Title: Re: Vulnerable Software Repository?
Post by: UNIX on February 17, 2010, 11:58:19 PM
The exploit-database (http://www.exploit-db.com/) offers not only exploits but also a mirror of the vuln. software, so this might be something you are looking for.


Title: Re: Vulnerable Software Repository?
Post by: unsupported on February 18, 2010, 05:47:57 AM
Quote
Though, I guess what I'm looking for is a software database to go along with exploits.

This might be a problem if you are looking for commercial uncompiled code.  You may need to look into open source code.  In which case this may help, http://osvdb.org/.

Quote
From my limited experience in searching for vulnerable software I've noticed that vendors seem to omit them, or only offer a patched version in the download links.

Right, because the software is vulnerable.  Preventing vulnerable software from being available reduces their liabilities.

Quote
I'll just keep Googling until I find a vulnerability + exploit combination that works.

That works too.  You can also check out OWASP (http://www.owasp.org).  I'd consider them the leaders in open source security.



Title: Re: Vulnerable Software Repository?
Post by: Ketchup on February 18, 2010, 07:30:20 AM
I have also sometimes had luck finding the vulnerable version on the archive.org site. You have to know the filename of the download you are looking for, but sometimes it comes through.


Title: Re: Vulnerable Software Repository?
Post by: dtoliaferro on February 18, 2010, 09:09:07 AM
Wow, thanks a lot everybody. Your posts have been very helpful to me.