The top post on reddit.com/r/netsec this week is a pretty nifty idea: a Vulnerable VM generator. Since vulnerable VMs are my thing, I decided to check it out. Installation is pretty straightforward on Ubuntu, and generating a VM is as simple as "ruby secgen.rb run".
After everything is up and running, an nmap script scan shows a vulnerable IRC server for which a metasploit module exists to exploit.
I go to msfconsole and set everything appropriately and, quickly, I have a low privilege shell (I later upgraded to a full meterpreter shell).
After running "find / -perm -2000 -o -perm -4000" I see nmap is setuid (took me longer than I'd like to admit to find this).
A metasploit module exists to exploit this as well, so root is easy pickings.
So cool that a unique vulnerable VM was conjured in front of me from some Ruby code. Big thanks to Cliffe from GitHub for providing the community with a great resource for learning!
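
For the defensive side of the setuid search above, this added example (not from the original post or from SecGen) compares the setuid/setgid files under a directory with a reviewed allowlist and reports anything outside it, as the setuid nmap here would be. The function names, the scratch tree and the allowlist are constructed for illustration, and GNU find and stat (as shipped on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example: baseline audit of setuid/setgid files.
# Assumes GNU find and stat; paths containing newlines are not handled.

# audit_suid ROOT ALLOWLIST
#   Lists every setuid or setgid regular file under ROOT whose path is not in
#   ALLOWLIST (one absolute path per line). Output: "<mode> <owner> <path>".
#   Returns 0 when nothing unexpected is found, 1 otherwise.
audit_suid() {
    root=$1
    allowlist=$2
    findings=$(
        # The parentheses group both -perm tests so -type f applies to each.
        find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        sort |
        while IFS= read -r path; do
            # Exact fixed-string match against the reviewed baseline.
            if grep -Fxq -- "$path" "$allowlist"; then
                continue
            fi
            printf '%s %s\n' "$(stat -c '%A %U' "$path")" "$path"
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo: a scratch tree with one baselined setuid file, one
# setuid file missing from the baseline, and one ordinary file.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/usr/bin"
    : > "$tmp/usr/bin/passwd"; chmod 4755 "$tmp/usr/bin/passwd"
    : > "$tmp/usr/bin/nmap";   chmod 4755 "$tmp/usr/bin/nmap"
    : > "$tmp/usr/bin/ls";     chmod 0755 "$tmp/usr/bin/ls"
    printf '%s\n' "$tmp/usr/bin/passwd" > "$tmp/allow.txt"
    rc=0
    audit_suid "$tmp" "$tmp/allow.txt" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "unexpected setuid/setgid files found" >&2
```

On a real host, point `audit_suid` at `/` with an allowlist captured from a known-good image and run it on a schedule, so a newly setuid binary shows up as a diff.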