Damn Vulnerable Linux

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by 68.0.20.56 (talk) at 14:24, 27 September 2012 (Vulnerable: grammar). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Damn Vulnerable Linux (DVL) was a distribution of GNU/Linux geared toward computer security students. It functioned as a tool for observing and studying vulnerabilities in the Linux 2.4 kernel and popular user space software. It was available as a live DVD and could be run in a virtual machine within any host operating system.[1] It is reportedly no longer maintained and is listed as discontinued.[2]

Pedagogy

Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. DVL 1.5 is based on BackTrack 2.0 Final. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software, began life as a training system used during the author's university lectures. Its primary goal is to be a Linux system that is as vulnerable as possible, in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shell code development, web exploitation, and SQL injection.[3]

Vulnerable

Usually, when installing a new operating system, the hope is that it is as up to date as possible. After installation there are bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different: it is shipped in as vulnerable a state as possible. The idea behind DVL is to offer security students an operating system for learning and research. As the DVL website explains:

"Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students."

Old versions of software, including Apache, MySQL, PHP, and FTP and SSH daemons, are included, as well as the tools needed to exploit them, such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.

Idea

The idea for producing DVL came from Thorsten Schneider, who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network to which a laptop can be connected for research into IT security, hacking, and malware. Schneider also teaches ethical hacking, including his lecture course Ethical Hacking – Binary Auditing & RCE.

Availability

At 1.8 GB, the ISO can be used as a live DVD or installed as a virtual machine using a package like VirtualBox or VMware. Once installed, it can be used as a training environment for teaching “reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection”.[4]

References

  1. ^ "Damn Vulnerable Linux". Retrieved October 31, 2010.
  2. ^ http://distrowatch.com/table.php?distribution=dvl
  3. ^ "DistroWatch.com: Damn Vulnerable Linux". July 14, 2010. Retrieved October 31, 2010.
  4. ^ "geek.com: damn vulnerable linux - the most vulnerable and exploitable operating system ever!". July 17, 2010. Retrieved September 23, 2011.