Damn Vulnerable Linux

Damn Vulnerable Linux (DVL) is a distribution of GNU/Linux geared toward computer security students. It functions as a tool for observing and studying vulnerabilities in the Linux kernel and popular user space software. It is available as a live DVD, and may be run through a virtual machine within any host operating system.[1]

Pedagogy

Damn Vulnerable Linux (DVL) is a Slackware and Slax-based live DVD. The distribution, purposefully stuffed with broken, ill-configured, outdated and exploitable software, began life as a training system used during the author's university lectures. Its primary goal is to be a Linux system that is as vulnerable as possible, in order to teach and demonstrate a variety of security topics, including reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection.[2]

Vulnerable

Usually, when installing a new operating system, the hope is that it is as up to date as possible. After installation there are bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different: it is shipped in as vulnerable a state as possible. The idea behind DVL is to offer security students an operating system for learning and research. As the DVL website explains:

"Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students."

Old versions of software, including Apache, MySQL, PHP, and FTP and SSH daemons, are included, as well as the tools needed to exploit them, such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.

Idea

The idea for producing DVL came from Thorsten Schneider, who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network to which a laptop can be connected for research into IT security, hacking, and malware. Thorsten also teaches ethical hacking, such as his lecture course Ethical Hacking – Binary Auditing & RCE.

Availability

At 1.8 GB, the ISO can be used as a Live CD, or installed as a virtual machine using a package like VirtualBox or VMware. Once installed, it can be used as a training environment for teaching “reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection”.[3]

References

External links

  1. Damn Vulnerable Linux official website
  2. Damn Vulnerable Linux at Distrowatch.com
  3. [1]