
Vulnerable VMs

Purposely vulnerable machines let you practice legally.
They are built with intentional security flaws for educational purposes, ranging from beginner web application challenges to advanced Active Directory exploitation scenarios.

Beginner Level

Metasploitable 2
Classic beginner target with multiple services:
* Ports: 21 (vsftpd), 23 (telnet), 445 (SMB), 80 (PHP CGI), 3306 (MySQL)
* Exploits: weak credentials, outdated services, misconfigurations
* Best for: learning nmap, basic exploitation, service enumeration

# Metasploitable 2 quick start
wget https://sourceforge.net/projects/metasploitable/files/Metasploitable2.zip
unzip Metasploitable2.zip
# Import into VMware/VirtualBox and attach it to a Host-only (or NAT) network,
# never a bridged one, so the intentionally vulnerable VM is unreachable from the rest of your LAN
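The quick start above tells you to keep the VM on a NAT or Host-only network. The script below, an added example that is not part of the original page, turns that advice into a pre-flight check for VirtualBox: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and refuses to boot the VM if any adapter is bridged onto the physical LAN. The `start_lab_vm` wrapper assumes `VBoxManage` is on PATH; the sample `showvminfo` output is constructed for offline testing and does not come from a real VM.

```shell
# Pre-flight check before booting a deliberately vulnerable VM in VirtualBox.
# Reads `VBoxManage showvminfo <vm> --machinereadable` output from stdin so it
# can also be exercised offline on captured or constructed output.
check_vm_isolation() {
    # Attachment types that keep the VM off the real network:
    #   hostonly   host <-> VM only
    #   intnet     VM <-> VM only
    #   nat/natnetwork  outbound only, nothing inbound from the LAN
    #   none/null  disconnected
    # Anything else (bridged, generic, ...) is refused.
    bad=0
    while IFS= read -r line; do
        case "$line" in
            nic[0-9]*=*)
                nic=${line%%=*}          # e.g. nic1
                type=${line#*=}          # e.g. "bridged" (with quotes)
                type=${type%\"}
                type=${type#\"}
                case "$type" in
                    hostonly|intnet|nat|natnetwork|none|null) ;;
                    *)
                        echo "REFUSE: $nic is attached as '$type'" >&2
                        bad=1
                        ;;
                esac
                ;;
        esac
    done
    return "$bad"
}

# Wrapper for real use: only boots the VM when the isolation check passes.
# Assumes VBoxManage is on PATH (an assumption; the page does not show this).
start_lab_vm() {
    vm=$1
    if VBoxManage showvminfo "$vm" --machinereadable | check_vm_isolation; then
        VBoxManage startvm "$vm" --type headless
    else
        echo "Not starting $vm: fix its network adapters first" >&2
        return 1
    fi
}

# Constructed samples (not captured from a real VM): one safe, one unsafe.
SAFE_SAMPLE='name="Metasploitable2"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

UNSAFE_SAMPLE='name="Metasploitable2"
nic1="hostonly"
nic2="bridged"
bridgeadapter2="eth0"'

if printf '%s\n' "$SAFE_SAMPLE" | check_vm_isolation; then
    echo "safe sample: OK to boot"
fi
if ! printf '%s\n' "$UNSAFE_SAMPLE" | check_vm_isolation; then
    echo "unsafe sample: refused (nic2 is bridged)"
fi
```

The allowlist is deliberately narrow: a bridged adapter puts a box with known remote-code-execution paths directly on the same segment as your workstation and everything else on the LAN, which is exactly what the Host-only recommendation is meant to prevent.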

DVWA (Damn Vulnerable Web Application)
PHP/MySQL web app for web security practice:
* SQL injection, XSS, CSRF, command injection, file inclusion
* Security levels: Low (no protection), Medium (basic), High (hardened)
* Deploy with Docker: docker run -d -p 80:80 vulnerables/web-dvwa (note that -p 80:80 publishes the deliberately vulnerable app on every interface of the host; use -p 127.0.0.1:80:80 to bind it to localhost only)

Intermediate Level

Metasploitable 3
Windows Server 2008 and Ubuntu targets with realistic vulnerabilities:
* Requires Packer to build (automated image build)
* Contains MS17-010 (EternalBlue) and other SMB vulnerabilities
* Best for: Windows exploitation, post-exploitation practice

# Build Metasploitable 3
git clone https://github.com/rapid7/metasploitable3
cd metasploitable3
packer build windows_2008.json
packer build ubuntu.json

VulnHub Series
Community-created VMs of varying difficulty:
* Kioptrix series (multiple levels)
* DC-1 through DC-9 (WordPress, Drupal exploitation)
* Mr-Robot (TV show themed, realistic enumeration)

Advanced Level

Active Directory Labs
Realistic enterprise AD environments:
* Multiple Domain Controllers
* SQL servers, file shares, web servers
* Kerberos attacks (Golden/Silver tickets)
* Constrained/unconstrained delegation abuse

Build your own AD lab:

# With AutomatedLab (PowerShell)
Install-Module AutomatedLab -Force
New-LabDefinition -Name ADLab -DefaultVirtualizationEngine HyperV
Add-LabMachineDefinition -Name DC1 -Roles RootDC
Add-LabMachineDefinition -Name SRV1 -Roles SQLServer
Install-Lab

HackTheBox and TryHackMe

These platforms provide hosted vulnerable environments:
* HTB: active machines (rotating weekly) plus retired ones with walkthroughs
* THM: guided learning paths with pre-deployed rooms
* Both provide VPN access to private lab networks

Custom Vulnerable VMs

Build your own with:
* BadUnconfig - insecure defaults script
* VulnOS - intentionally broken Linux distro
* DejaVuln - old packages with known CVEs