March 5, 2014
There is no doubt that the best way to learn Information Security is hands-on, and to make this easier the guys from Rapid7 – Metasploit created Metasploitable, a vulnerable by design server. Beside their vulnerability as a server, they added more special “ingredients” (vulnerable by design applications) like Damn Vulnerable Web Application from RandomStorm or Mutillidae from OWASP.
Metasploitable represents the perfect “dish” for learning penetration testing (light intro level). Its popularity spread across InfoSec community and became a study framework for most of the infosec students as well as for some InfoSec Training Companies. One reason why had become so popular is that Metasploit framework is the most popular PenTest framework according with this survey where it got an whoop 82% among PenTest frameworks – if you want to test Metasploit, you can always can test it on… Metasploitable. Moreover, Metasploitable isn’t mentioned only because of Metasploit Framework popularity… many PenTest OS, vendors like famous Offensive-Security’s BackTrack/Kali Linux, recommend it to practice their operating systems. There are 1800+ videos on YouTube alone for “Metasploitable”
“Never heard about Metasploitable? Then you’re not into InfoSec Industry”. Yes, that’s how popular it has become.
Metasploitable it’s free, open source and if you want to use it, there are some specific steps to follow in order you to get it properly installed in your virtual environment. That was until… Today.
Today, we gladly announce that there is a new way to access Metasploitable, and practice FREE of charge in the cloud. Besides Helping Open Source Projects to Improve Their Security, we decided it is our duty to bring another free and open contribution to InfoSec Community, by offering Metasploitable in the cloud.
Why is special besides the fact that is free?
1) Being over The Internet, it’s close to real thing.
2) If you need someone to help you, you can use the CTF365 IRC service
3) You can create a video tutorial on the fly, without the need to create your own virtual environment
4) If you want to study using tutorials like the one from Offensive-Security Metasploit Unleashed
5) For your students, as a InfoSec instructors
6) If you want to test new PenTest Tools.
And I’m quite sure you can find few more reasons why.
At this moment it is deployment is as a non persistent image which means that we set up some period of time when we reset it to its initial state in case one of you will breaks it. In the future we hope to get enough hardware to make it an individual (persistent) instance .
All registered users get FREE access to Metasploitable 2. Once you register into CTF365 and setup your VPN you’ll be able to access Metasploitable at http://metasploitable.ctf. Please remember: No VPN, no access.
CTF365 it’s a top notch training platform with a focus on Security Professionals, System Administrators and Web Developers that offers five stars services regarding training, learning and improving offensive and defensive web security.
Any questions? Glad to answer. Stay secure while having fun.