This guest blog comes to us from Marius Corici from CTF365. When asked to describe himself he gave me the following: "I enjoy being an entrepreneur and discovering new solutions for old problems. Motto: Think a lot to do less and preserve energy to provide simplicity."
There is no doubt that the best way to learn Information Security is hands-on and to make this easier, the guys from Rapid7 and Metasploit created Metasploitable, a server that is vulnerable by design.
Beside its vulnerability as a server, they (the guys from Metasploit) added more special "ingredients" (vulnerable by design applications) like Damn Vulnerable Web Application from RandomStorm or Mutillidae from OWASP.
Metasploitable represents the perfect place to start learning penetration testing as a light introduction. Its popularity has spread across the InfoSec community and become a study framework for most infosec students as well as for some training companies. One reason it has become so popular is that Metasploit framework is the most popular penetration testing framework according to this survey where it got an whopping 82% among PenTest frameworks. Many PenTest OS vendors, like well known Offensive-Security's BackTrack/Kali Linux, recommend to practice on Metasploitable to learn how to use their operating systems. A quick search on YouTube shows there are over 1800 videos containing "Metasploitable"
It's free, open source, and if you wanted to use it, there were some specific steps to follow in order to get it properly installed into your virtual environment.
The team behind CTF365, gladly announce to you that there is a new way to access Metasploitable and practice FREE in the cloud.
Why is that special?
1) Being over The Internet, helps to simulate the real thing.
2) Need someone to help you? You can use the CTF365 IRC service.
3) In case you want to create a video tutorial on the fly, you can now do so, without the need to create your own virtual environment.
4) Want to study using tutorials like the one from Offensive-Security Metasploit Unleashed ?
5) As an InfoSec instructor it is much easier to show live to your students.
6) In case you want to quickly test new PenTest tools.
And I'm quite sure you can find few more reasons why.
At this moment it is deployed as a non persistent image, which means that we have set up a period of time before we reset it to its initial state. This is in case some of you manage to break it. In the future we hope to get enough hardware to make it as a individual and persistent instance.
All registered users get FREE access to Metasploitable 2. Once you register into CTF365 and setup your VPN you'll be able to access Metasploitable at http://metasploitable.ctf. Please remember: No VPN, no access.
CTF365 it's a top notch training platform with a focus on Security Professionals, System Administrators and Web Developers that offers five stars services regarding training, learning and improving offensive and defensive web security. We're glad to offer this functionality to help everyone stay more secure.
Any questions? Glad to answer. Stay secure while having fun. :-)