.

Vulnerable Software Repository?

<<

dtoliaferro

Newbie
Newbie

Posts: 7

Joined: Fri Dec 18, 2009 7:30 pm

Post Wed Feb 17, 2010 7:55 pm

Vulnerable Software Repository?

Hi, I'm new to ethical hacking/penetration testing and I was wondering if there's anything like a repository for vulnerable application source code.

I'd like to practice compiling the sources of vulnerable software and try running exploits on them.

Thanks
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Wed Feb 17, 2010 9:15 pm

Re: Vulnerable Software Repository?

this thread might have some of what you're looking for. It'll also give you some ideas.

Milw0rm has some of the exploits you can compile yourself, but might not be what you're after.
OSWP, Sec+
<<

dtoliaferro

Newbie
Newbie

Posts: 7

Joined: Fri Dec 18, 2009 7:30 pm

Post Wed Feb 17, 2010 9:33 pm

Re: Vulnerable Software Repository?

Hey chrisj, thanks for replying.

The resource you linked to is very cool, and I'll definitely be looking into it. Thanks a lot!

Though, I guess what I'm looking for is a software database to go along with exploits. From my limited experience in searching for vulnerable software I've noticed that vendors seem to omit them, or only offer a patched version in the download links.

I'll just keep Googling until I find a vulnerability + exploit combination that works.
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Feb 18, 2010 12:58 am

Re: Vulnerable Software Repository?

The exploit-database offers not only exploits but also a mirror of the vuln. software, so this might be something you are looking for.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Thu Feb 18, 2010 6:47 am

Re: Vulnerable Software Repository?

dtoliaferro wrote:Though, I guess what I'm looking for is a software database to go along with exploits.


This might be a problem if you are looking for commercial uncompiled code.  You may need to look into open source code.  In which case this may help, http://osvdb.org/.

From my limited experience in searching for vulnerable software I've noticed that vendors seem to omit them, or only offer a patched version in the download links.


Right, because the software is vulnerable.  Preventing vulnerable software from being available reduces their liabilities.

I'll just keep Googling until I find a vulnerability + exploit combination that works.


That works too.  You can also check out OWASP (http://www.owasp.org).  I'd consider them the leaders in open source security.
Last edited by unsupported on Thu Feb 18, 2010 8:43 am, edited 1 time in total.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Feb 18, 2010 8:30 am

Re: Vulnerable Software Repository?

I have also sometimes had luck finding the vulnerable version of the archive.org site.  You have to know the filename of the download you are looking for, but sometimes it comes through.
~~~~~~~~~~~~~~
Ketchup
<<

dtoliaferro

Newbie
Newbie

Posts: 7

Joined: Fri Dec 18, 2009 7:30 pm

Post Thu Feb 18, 2010 10:09 am

Re: Vulnerable Software Repository?

Wow, thanks a lot everybody. Your posts have been very helpful to me.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software