Steve, On Mon, Jul 16, 2012 at 12:21 AM, Steven Pinkham <steve.pink...@gmail.com> wrote: > Andres Riancho wrote: >> List, >> >> Some w3af plugins are designed specifically for a Windows server >> (frontpage checks for example) and I would like to have a Windows VM >> with a vulnerable frontpage installed for testing. That would be an >> issue since I can do that, but I'm almost sure I can't share that VM >> with the rest of the community in order for you guys to be able to run >> those same tests because of Microsoft's Windows licencing, right? >> >> Regards, > > Unfortunately, no can do.
Buuu Windows, buuu! ;) > You could maintain a VPS Ahh, that sucks. > or directions on how to build your own > vulnerable testbed. That's an option, but not sure if people would use it and if I would like to maintain those setup documents. Looking around I found this [0] blog post where someone claims that "The VMware Virtual Appliance Center has plenty of useful things to offer. One of them is a pre-built virtual machine with Windows Server 20008 and VMware Tools installed. 100 percent legal, evaluation version." When following the link, I'm redirected to some place else. But at least someone is mentioning that (apparently) there is a legal way of doing it. [0] http://blogcastrepository.com/blogs/skatterbrainz/archive/2008/08/26/windows-server-2008-virtual-appliance-for-vmware.aspx > You can look at how Metasploit Unleashed solves this problem: > > http://www.offensive-security.com/metasploit-unleashed/Windows_XP_SP2_Setup > > (If you haven't used the site before, you have to click on the links at > the bottom of the page for the next pages of instructions) > > -- > | Steven Pinkham, Security Consultant | > | http://www.mavensecurity.com | > | GPG public key ID E9E996C1 | > > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
