Throughout Offensive Security's CTP course you may find yourself wanting to build your own home lab with old Windows VMs. I found it difficult to locate Windows ISOs that were both untouched and of the exact version I wanted. This is a method I found to be effective.
Identify the OS and Build you want by running 'winver'. In this example, the OS is Server 2003 and the build number shows:
By searching for that here we find that the build number corresponds with the only release of SP1 recorded in the wiki and that it was compiled 2005-03-24.
Taking this information I then went to a MSDN archive site, filtered by english for our OS and then selected a SP1 entry from around the same period. This gives us two pieces of information:
en_windows_server_2003_sp1.iso - dc8dff428406c36412973b036a6451db224ee59e
Search for the filename with search quotes and you'll eventually find a download source from some sketchy website (doesn't matter because we have a checksum to verify against).
Once the download is finished simply verify the integrity of the ISO (example command using shasum on Linux).
Let me know if you have a better way cause this is still mildly painful...