Steve, On Mon, Jul 16, 2012 at 8:32 AM, Andres Riancho <andres.rian...@gmail.com> wrote: > Steve, > > On Mon, Jul 16, 2012 at 12:21 AM, Steven Pinkham > <steve.pink...@gmail.com> wrote: >> Andres Riancho wrote: >>> List, >>> >>> Some w3af plugins are designed specifically for a Windows server >>> (frontpage checks for example) and I would like to have a Windows VM >>> with a vulnerable frontpage installed for testing. That would be an >>> issue since I can do that, but I'm almost sure I can't share that VM >>> with the rest of the community in order for you guys to be able to run >>> those same tests because of Microsoft's Windows licencing, right? >>> >>> Regards, >> >> Unfortunately, no can do. > > Buuu Windows, buuu! ;) > >> You could maintain a VPS > > Ahh, that sucks. > >> or directions on how to build your own >> vulnerable testbed. > > That's an option, but not sure if people would use it and if I would > like to maintain those setup documents. > > Looking around I found this [0] blog post where someone claims that > "The VMware Virtual Appliance Center has plenty of useful things to > offer. One of them is a pre-built virtual machine with Windows Server > 20008 and VMware Tools installed. 100 percent legal, evaluation > version." When following the link, I'm redirected to some place else. > But at least someone is mentioning that (apparently) there is a legal > way of doing it. > > [0] > http://blogcastrepository.com/blogs/skatterbrainz/archive/2008/08/26/windows-server-2008-virtual-appliance-for-vmware.aspx
And this seems to be the only windows VM in the whole vmware marketplace: https://solutionexchange.vmware.com/store/products/windows-7-rc-bagvapp Which would be a good option. I'm assuming that vmware wouldn't allow an illegal VM to be in their marketplace, so it looks like it would be possible to use that one. >> You can look at how Metasploit Unleashed solves this problem: >> >> http://www.offensive-security.com/metasploit-unleashed/Windows_XP_SP2_Setup >> >> (If you haven't used the site before, you have to click on the links at >> the bottom of the page for the next pages of instructions) >> >> -- >> | Steven Pinkham, Security Consultant | >> | http://www.mavensecurity.com | >> | GPG public key ID E9E996C1 | >> >> > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
