There are more or less vulnerable distributions. We have already talked about some of them in our articles and Insights. For example, Whonix and TAILS are some examples of more reliable distros in this regard. But we have also talked about others such as those used by hackers and to carry out security audits.
A complement for hackers and those who are starting in the world of security, is to have an unsafe distro, with default configurations and other security bugs created on purpose to practice penetration tests and attacks. This also exists and we have a great example in Metasploitable (based on Ubuntu).
Apart from Metasploitable (in its different versions) there are other Linux distro projects of this type. Which? Well for example:
- Dam Vulnerable Linux: another distro very similar to Metasploitable, but based on Slackware.
- LAMPSecurity: for the interested in attacks on LAMP servers, based on CentOS.
- De-ICE Pentest: a distro very interesting to practice attacks ...
- Other ISOs for similar virtual machines: Holynix, pWnOS, OWASP, Hacking-Lab, Moth, Katana, etc..
With Kali Linux or another similar distro and a virtual or physical machine with one of these distros installed, you can have fun attacking the system and you will learn a lot. You can play flag capture games by scoring goals for yourself. Interesting indeed! I encourage you to practice.