Vulnerable systems setup


I frequently get asked how to set up a test lab to practice hacking on. Usually I point the curious in the direction of VMware or VirtualBox and tell them to set up VMs. There are plenty of guides explaining how to do this, but one step that is often missing is how to configure VMs with realistic vulnerable configurations. You might want to know how the exploit you are trying would work against different systems, or how it would have worked against targets at the time it was released. So I looked through some release timelines and oldversion.com postings to figure out which versions of your favorite browser, plugins, and PDF reader would be installed if you had up-to-date versions of each on January 1st of the past three years, and where you can get them from. This may also be useful if you are putting together a CTF or other challenge:

For your beginning-of-2010 vulnerable system you should have:
IE 8 with MS09-072/KB294871 update http://support.microsoft.com/kb/294871
Flash Player 10.0.32.18
http://www.oldversion.com/download-Macromedia-Flash-Player-10.0.32.18.html
Java SE 6 Update 17
http://www.oldversion.com/download-Java-Platform-Java-6-Update-17.html
Acrobat Reader 9.2
http://www.oldversion.com/download-Acrobat-Reader-9.2.html

For beginning-of-2011 you should have:
IE 8 with MS10-090/KB2416400 update http://support.microsoft.com/kb/2416400
Flash Player 10.1
http://www.oldversion.com/download-Macromedia-Flash-Player-10.1-%28Non-IE-Browsers%29.html
Java SE 6 Update 23
http://www.oldversion.com/download-Java-Platform-Java-6-Update-23.html
Acrobat Reader 10.0
http://www.oldversion.com/download-Acrobat-Reader-10.0.0.html
or 9.5.0
http://www.oldversion.com/download-Acrobat-Reader-9.5.0.html

For beginning-of-2012 you should have:
IE 8 (most popular) or 9 with MS11-099/KB2618444 update http://support.microsoft.com/kb/2618444
Flash Player 11.1.102.55
http://www.oldversion.com/download-Macromedia-Flash-Player-11.1.102.55-%2832-bit%29-%28Non-IE%29.html
Java SE 6 Update 30
http://www.oldversion.com/download-Java-Platform-Java-6-Update-30.html
Acrobat Reader 10.1.1
http://www.oldversion.com/download-Acrobat-Reader-10.1.1.html
