- Damn Vulnerable Linux
-
Damn Vulnerable Linux (DVL) is a distribution of GNU/Linux geared toward computer security students. It functions as a tool for observing and studying vulnerabilities in the Linux kernel and popular user space software. It is available as a live DVD, and may be run through a virtual machine within any host operating system.[1]
Contents
Pedagogy
Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software, began life as a training system used during the author's university lectures. Its primary goal is to design a Linux system that is as vulnerable as possible -- in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shell code development, web exploitation, and SQL injection.[2]
Vulnerable
Usually, when installing a new operating system the hope is that it’s as up-to-date as possible. After installation there’s bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different, it’s shipped in as vulnerable a state as possible. The idea behind DVL is to offer an operating system for learning and research for security students. As the DVL website explains:
"Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students."
Old versions of software including Apache, MySQL, PHP, FTP and SSH daemons are included as well as the tools needed to exploit them such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.
Idea
The idea for producing DVL came from Thorsten Schneider who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network which a laptop can be hooked up to for research into IT security, hacking, and malware. Throsten also teaches ethical hacking such as his lecture course Ethical Hacking – Binary Auditing & RCE.
Avalability
At 1.8GB the ISO can be used as a Live CD, or installed as a virtual machine using a package like VirtualBox or VMWare. Once installed it can be used as a training environment for teaching, “reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection”.[3]
References
- ^ "Damn Vulnerable Linux". http://www.damnvulnerablelinux.org/. Retrieved October 31, 2010.
- ^ "DistroWatch.com: Damn Vulnerable Linux". July 14, 2010. http://distrowatch.com/table.php?distribution=dvl. Retrieved October 31, 2010.
- ^ "geek.com: damn vulnerable linux - the most vulnerable and exploitable operating system ever!". July 17, 2010. http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007. Retrieved September 23, 2011.
External links
- Damn Vulnerable Linux official website
- Damn Vulnerable Linux at Distrowatch.com
- [1]
This Linux distribution-related article is a stub. You can help Wikipedia by expanding it.