Nothing 'free' that is likely to be as good or deep as OSCP, but there are other 'hackable lab distros' out there, to give you some things to play with.  Check out de-ice.net and some of the other distros out there, as well as Thomas Wilhelm's book (which is relatively inexpensive, compared to many 'paid' resources.  (There's a picture of it on the top of the de-ice site.)

As for others, check out jhaddix's site ( http://www.securityaegis.com/ ) for some links for webapp labs and others you might get some good use out of.  Dig around on there, and you'll find some good links and resources.

As for 'downloading/ configuring VM's' the de-ice ones don't take long at all, to get setup and running, so they're at least worth setting up to hack at during your free time, since again, at least those are relatively inexpensive / free.

If you want more of a challenge, you might also sign up for NetWars...  http://www.netwars.info/ as it's been kind of fun, and gives you some immediate things to hack at (when each new round begins... one JUST ended, I believe, today)  I think this one would be your best immediate fun, when a round is in session, so sign up and go for it.

Also, one more...

You might check out group51.org, as well.  They have some little projects going on, and a 'dedicated' test lab setup amongst various members devices and servers.  I haven't checked it out in a while, but they were doing a few cool things in there, last I was in.

Anyway, I understand your 'limited free time,' as I get that a lot, myself, so I wish you luck.

i recently build my own (VMware) hacklab containing the most popular hack challenges i could find. most are mentioned here, but i definately miss the lampsecurity capture the flags (there on sourceforge). the CTF's are pretty hard en well documented. i certenly recommend it to take a loot at. Like said before setting up these hacklabs is peanuts. it tool me a full weekend to get everything installed and working. i will post a index later when i'm at home to sum up the completeness of the challenges available.

still not home (stuck on work for another few hours) but here are a few from the top of my head (i'll add the links later)

lampsecurity, CTF 4,5 and 6. documentation is available from the same source. very good and focussing on webapplications (so prepare for SQL injection and stuff) also covers a few good tools, but for a start it can be quite hard.

De-Ice, 1,2 and dont forget pWnOS! very good one wich is focussed on milw0rm and exploit-db!

Hacme's Foundstone. A bit harder to do because of the installation needed. then again it took me about a day to get the most of them working (trust me, with my knowledge, you will probably be quicker)

DVL. just download, boot and get started. no manuals, no pointers, no documentation...the ultimate challenge! a good tool to start with is the OWASP os, or if you prefer BT use BT

Mutilidea (sp?) is based on the OWASP top 10. havent done this one yet so dont know if it is any good.

Moth. same here, havent done this one yet.

the last 2 require some installation too, but didnt give me much trouble.

in my personal lab i also included some standard installations of a linux distribution, windows XP/Vista/7 and Server 2000/2003/2008 as victims.

the main advantage of a virtual lab is when you use backups and mess up, its delete and copy and your ready to go!

good luck with OSCP! did you get the 30 day or 60 day package? i'm trying to get an idea how much material it contains so i can see if its possible in 30 days.

here the list i promised:

CTF4 (Capture The Flag 4 from LampSecurity.org)
CTF5 (Capture The Flag 5)
CTF6 (Capture The Flag 6)
De-Ice1_100 (first challenge from heorot)
De-Ice1_110 (used to attack the first challenge)
De-Ice2_100 (second challenge from heorot)
pWnOS (the last challenge from heorot, focussed solely on milw0rm)
DVL1.5 (Damn Vulnerable linux)
Hackerdemia (another challenge from heorot)
Moth (Moth by Bonsai information security)
OWASP (opensource web application security live cd with tools)
Ubuntu WebGoat (OWASP vulnerabilities)
WinXP Foundstone (Hackmes challenges)
WinXP Mutillidae (Mutillidae vulnerabilities)

and the urls:

http://sourceforge.net/projects/lampsecurity/files/
http://heorot.net/livecds/
http://www.damnvulnerablelinux.org/
http://www.bonsai-sec.com/en/research/moth.php
http://www.owasp.org/index.php/Main_Page
http://www.foundstone.com/us/resources-free-tools.asp
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

good luck with building the lab!

Thanks for the list j0rDy,

I took the 60-day package. Since I just started, it is hard to say is 30 days will be enough. But like Hayabusa said in another post: if you get 30 days and you later change your mind, you only lose $50...

Also, doing all the "Going the Extra Mile" exercises can take some time...

Oh and just so you are aware, it takes about 3 days to complete the registration process and courses only start on a Sunday morning.

So if you are planning to work on the course over a long weekend or something like that, I suggest you register a week in advance...

David