The choice of vulnerability to host is one of the more difficult parts when it comes to making challenges. If the vulnerability is too easy, the challengers will tear through it; however, if the vulnerability is too hard, the majority of the target audience are alienated. To resolve this, I've provided some suggestions of vulnerabilities to host, marked for difficulty of setup and difficulty of exploitation. For reference, the following descriptions of difficulties are provided:
The following are the various levels in difficulty of setup:
Simple – This level of difficulty requires installation of the affected software
Moderate – This level of difficulty requires installation of the affected software on a specific operating system
Complex – This level of difficulty requires installation and configuration of the affected software on, specific operating system
The following are the various levels in difficulty of exploitation:
Simple – This level of difficulty requires the use of out-of-the-box tools
Moderate – This level of difficulty requires configuration and the use of out-of-the-box tools or simple scripting to perform exploits
Complex – This level of difficulty requires the creation of complex scripts, else it is not supported by common exploitation tools
Vulnerable package
Difficulty of setup
Difficulty of exploitation
Adobe Flash Player
Simple
Moderate
Oracle Java JRE
Simple
Moderate
Internet Explorer
Simple
Complex
QuickTime
Moderate
Complex
ColdFusion
Simple
Simple
TFTP
Simple
Simple
MSSQL
Simple
Moderate