Vulnerable OS's?
There is quite a lot of them:
- Metasploitable: Currently there are 2 versions.
- Kioptrix: Currently 4 challenges.
- Hackademic: Apparently 2 VM, check 1 and 2.
- pWnOS: Currently 2 challenges.
Standalone which you can install directly without VM, this is to hone your Webattack-Fu:
- OWASP WebGoat
- Damn Vulnerable Web Application
- Mutillidae
There's a couple of good ones in addition to DVL, that I've come across
- Metasploitable is designed for testing out some of Metasploits functionality. There's some good information on using it in the free Metasploit Unleashed course.
- There's also DVWA from a web applications perspective
EDIT:
Another good list I came across on a blog recently, has quite a few potential vulnerable apps
- Pentest lab vulnerable servers-applications list
I'd suggest in additiona to HamZa DzCyberDeV's answer:
Pentester Labs exercises which are full VMs as well as full detailed walkthroughs etc. These are great for all skill levels and i've found them most useful.