

Ask HN: How to setup a small DEFCON? - new_hackers

So some friends and I were talking about LAN parties today, and an idea to hold our own very small DEFCON came up.  Basically to have a single machine with one or more known vulnerabilities setup by the &#x27;dungeon master&#x27; then everyone else attempts to pwn it.<p>But setting all this up seemed like a lot of work just for an evening of fun.<p>Does anyone have any tips or links to make something like this easier?<p>We are all working as good guys and must be security minded, but don&#x27;t have a lot of firsthand experience as bad guys.  Thought this would be a safe way to practice some of attacks the bad guys might us against us.<p>Any ideas?
======
aethertap
I just happened to be doing this today myself, here's what I'm putting
together (based on recommendations from the book "Hacking with Kali" which is
free if you have an ACM membership).

Practice tools/lab environments:

1\. [https://github.com/SpiderLabs/MCIR](https://github.com/SpiderLabs/MCIR)

2\. [https://www.offensive-security.com/metasploit-
unleashed/Requ...](https://www.offensive-security.com/metasploit-
unleashed/Requirements/)

3\.
[http://sourceforge.net/projects/mutillidae/](http://sourceforge.net/projects/mutillidae/)

4\. [http://www.dvwa.co.uk/](http://www.dvwa.co.uk/)

Install that stuff in a VM:

* [https://www.virtualbox.org/wiki/Downloads](https://www.virtualbox.org/wiki/Downloads)

Metasploitable2 is a pre-packaged pentesting environment with plenty of
vulnerabilities. You could run a CTF by just picking out things from the
exploitability guide that comes with it (read down the page a bit) and
defining victory conditions based on that.

~~~
new_hackers
Awesome stuff, thank you!

