I'm trying to creating my own vulnerable machine. It's my first time so would appreciate any help.
Machine's OS: Any Linux (Probably will use Ubuntu or centOS)
Services with vulnerabilities: SSH, webservices and maybe FTP
At the moment I'm reading CTF walk-throughs, CWE and OWASP databases to get inspiration and a moderate understanding of what I need to do.
I know that I can just download some vulnerable services and install them on the VM but atm I'm trying to gather as much information beforehand.
The scenario for the vulnerable machine is half baked (if anyone wants to hear it I'll leave it in the comments) and it will have some rules of engagement required for a penetration testing engagement. At the end the machine will have a documentation; about critical pathways, rational for proposed vulnerabilities, a network diagram draft will be made for the network architecture.
Like I said, it's my first time doing a thing like this but I believe it will help me gain a better understanding on pen-testing as a whole.