If you’re learning the ins and outs of Metasploit (one of the most underrated and underused tools in our field) but don’t have the software to exploit in a test environment, check out www.securinfos.info/old-softwares-vulnerable.php. Also don’t forget about any old copies of Windows, etc. CDs you have lying around….Just load them up on a test machine, VMWare image, or similar and off you go. I can’t imagine a more cost-effective and hands-on way to get some seat time in this area.
Also, to get you up to speed quickly I’ve written a few articles about Metasploit for your perusal:
Metasploit 3.1 updates improve Windows penetration testing
Metasploit 3.0 security testing tool – free easy and improved
Using Metasploit for real-world security tests
Metasploit: A penetration testing tool you shouldn’t be without