[Infowarrior] - "Dmn Vulnerable Linux" distribution

Richard Forno rforno at infowarrior.org
Sun Jul 18 15:14:30 CDT 2010


Damn Vulnerable Linux – The most vulnerable and exploitable operating system ever!

Jul. 17, 2010 (6:37 am) By: Matthew Humphries

http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-20100717/

Usually, when installing a new operating system the hope is that it’s as up-to-date as possible. After installation there’s bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different, it’s shipped in as vulnerable a state as possible.

The idea behind DVL is to offer an operating system for learning and research for security students. As the DVL website explains:

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

At 1.8GB the ISO can be used as a Live CD, or installed as a virtual machine using a package like VirtualBox or VMWare. Once installed it can be used as a training environment for teaching, “reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection”.

Old versions of software including Apache, MySQL, PHP, FTP and SSH daemons are included as well as the tools needed to exploit them such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.

The idea for producing DVL came from Thorsten Schneider who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network which a laptop can be hooked up to for research into IT security, hacking, and malware. Throsten also teaches ethical hacking such as his lecture course Ethical Hacking – Binary Auditing & RCE.

DVL is free to download, but be warned this is a highly exploitable version of the Linux operating system and should only be used for teaching and experimentation.



More information about the Infowarrior mailing list