Vulnerable VMs

To practice attacks legally and safely you need targets you are allowed to break. Intentionally vulnerable VMs are built for exactly this.

They contain known weaknesses so you can learn scanning, exploitation, and post-exploitation in a controlled lab.

Metasploitable 2 is an intentionally vulnerable Ubuntu-based VM from Rapid7. It runs many outdated, exploitable services like vsftpd, Samba, and an old Apache.

It is a classic target for learning Metasploit and network exploitation.