HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 42 guests and 3 members online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Vulnerable Software Repository?
EH-Net
May 24, 2013, 09:25:21 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Vulnerable Software Repository?  (Read 7340 times)
0 Members and 1 Guest are viewing this topic.
dtoliaferro
Newbie
*
Offline Offline

Posts: 7


View Profile
« on: February 17, 2010, 06:55:53 PM »
Hi, I'm new to ethical hacking/penetration testing and I was wondering if there's anything like a repository for vulnerable application source code.

I'd like to practice compiling the sources of vulnerable software and try running exploits on them.

Thanks
Logged
chrisj
Hero Member
*****
Offline Offline

Posts: 1163


View Profile WWW
« Reply #1 on: February 17, 2010, 08:15:25 PM »
this thread might have some of what you're looking for. It'll also give you some ideas.

Milw0rm has some of the exploits you can compile yourself, but might not be what you're after.
Logged
OSWP, Sec+
dtoliaferro
Newbie
*
Offline Offline

Posts: 7


View Profile
« Reply #2 on: February 17, 2010, 08:33:42 PM »
Hey chrisj, thanks for replying.

The resource you linked to is very cool, and I'll definitely be looking into it. Thanks a lot!

Though, I guess what I'm looking for is a software database to go along with exploits. From my limited experience in searching for vulnerable software I've noticed that vendors seem to omit them, or only offer a patched version in the download links.

I'll just keep Googling until I find a vulnerability + exploit combination that works.
Logged
UNIX
Hero Member
*****
Offline Offline

Posts: 1235


View Profile
« Reply #3 on: February 17, 2010, 11:58:19 PM »
The exploit-database offers not only exploits but also a mirror of the vuln. software, so this might be something you are looking for.
Logged
unsupported
Sr. Member
****
Offline Offline

Posts: 318


Unofficial Newbie Moderator


View Profile
« Reply #4 on: February 18, 2010, 05:47:57 AM »
Quote from: dtoliaferro on February 17, 2010, 08:33:42 PM
Though, I guess what I'm looking for is a software database to go along with exploits.

This might be a problem if you are looking for commercial uncompiled code.  You may need to look into open source code.  In which case this may help, http://osvdb.org/.

Quote
From my limited experience in searching for vulnerable software I've noticed that vendors seem to omit them, or only offer a patched version in the download links.

Right, because the software is vulnerable.  Preventing vulnerable software from being available reduces their liabilities.

Quote
I'll just keep Googling until I find a vulnerability + exploit combination that works.

That works too.  You can also check out OWASP (http://www.owasp.org).  I'd consider them the leaders in open source security.
« Last Edit: February 18, 2010, 07:43:58 AM by unsupported » Logged
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #5 on: February 18, 2010, 07:30:20 AM »
I have also sometimes had luck finding the vulnerable version of the archive.org site.   You have to know the filename of the download you are looking for, but sometimes it comes through.
Logged
~~~~~~~~~~~~~~
Ketchup
dtoliaferro
Newbie
*
Offline Offline

Posts: 7


View Profile
« Reply #6 on: February 18, 2010, 09:09:07 AM »
Wow, thanks a lot everybody. Your posts have been very helpful to me.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.077 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Free Business and Tech Magazines and eBooks

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.