Current Status

Pit 1 - bootable backtrack5R3 in the cd drive - can be used to attack 'Pit 2' and 'Pit 3'; internal disk has been infected with a rootkit which as been inexpertly applied (so as to make the machine nearly useless as a linux -- it'll boot, but not much else). You can use forensic tools in BT5 to try and determine what rootkit it was and what it did. (

Pit 2 - boots a centos (with unprived user autologin so you can control) with a specially-vulnerablized Ubuntu (known as the "metasploitable" distribution) running as a vm (via virtualbox), a version of vulnerable Debian (pWnOS) and another -- slackware-based vulnerable called "damn vulnerable linux infectious disease" (also via virtualbox). Also, there are several "Kioptrix Challenge" virtual machines for your cracking pleasure.

Lastly, the Centos machine has a web server running the "Damn Vulnerable Web Application" (DVWA) -- point your web brower at, and have at it. Attack at will (the Ubuntu, Slackware, Debian or the Centos :-)

centos =
ubuntu =
slakware =
debian =
kioptrix challenge 2 =
kioptrix challenge 3 =
kioptrix challenge 4 =

Pit 3 - boots a Windows XPSP2. Attack at will (

Please feel free to bring your own laptop to hook into the network and blast away with your own toolset.

We've also added a couple of wireless routers (home-network strength) to perform wireless attack (if desired) testing on them, or as resources for other wireless projects.

Please let us know what success you have (we don't want to set these machines up to infect students! :-) and we'll reinstall back to a known-but-still-vulnerable state.

Note that these machines (tagged as 'Radioactive') must under no circumstances be attached to a rutgers network.