I’ve recently been trying to teach my young cousin the basics of computer security. I started by having him get the Backtrack live-cd which is geared for penetration testing.
Once you have Backtrack running you need a dummy machine to test against. People have packaged live-cd’s and virtual machines that are running some combination of the following:
- Unpatched operating systems (Win XP SP1)
- Unpatched applications (httpd, ftpd, etc)
You can find these ready to be exploited packages here:
- http://de-ice.net/ (see PwnOS and Pen Test Training)
- http://www.damnvulnerablelinux.org/
Old softwares with bugs:
https://www.securinfos.info/old_softwares_vulnerable.php
Do you have an old disc of Windows 9x or Redhat 6.2 lying around?
- Install VirtualBox
- Create your own virtual machine with those old OS discs that are now collecting dust
Have fun & remember to keep this limited to dummy machines 
Pingback: Test your web pentest skillz « System7
Pingback: Computer Forensics practice « System7