Damn Vulnerable Linux – The most vulnerable and exploitable operating system ever!

Tagged: Linux
Source: geek.com
Posted: 6 years 14 weeks ago

Usually, when installing a new operating system, the hope is that it’s as up-to-date as possible. After installation there are bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different: it’s shipped in as vulnerable a state as possible.

The idea behind DVL is to offer an operating system for learning and research for security students. As the DVL website explains:

Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.

At 1.8GB the ISO can be used as a Live CD, or installed as a virtual machine using a package like VirtualBox or VMware. Once installed it can be used as a training environment for teaching “reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection”.

Old versions of software including Apache, MySQL, PHP, FTP and SSH daemons are included, as well as the tools needed to exploit them, such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.

The idea for producing DVL came from Thorsten Schneider, who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network which a laptop can be hooked up to for research into IT security, hacking, and malware. Thorsten also teaches ethical hacking, for example in his lecture course Ethical Hacking – Binary Auditing & RCE.

DVL is free to download, but be warned: this is a highly exploitable version of the Linux operating system and should only be used for teaching and experimentation.


Matthew’s Opinion

For general operating system distribution there is an obsession with always shipping the most up-to-date version. It’s a good obsession to have, as for the most part we all want the most current and secure software running on our machines.

The downside to this, however, is a lot of work if you want to use a vulnerable system. Although Microsoft would never think of making old versions of Windows ISOs available, the open nature of Linux makes it an easy task to do.

No doubt DVL will find a virtual home on any student’s machine trying to learn about security. Hopefully other universities will pick up on Thorsten’s idea and start using DVL for their own courses on security. Thorsten also runs the site The Binary Auditor which hosts a bunch of free training modules.



GraysonPeddie

Hmm... Makes me think of pre-installing DVL in computers before making it available for sale. :)

That way, customers who bought the computers from me can come back to me and I can nickel and dime them and install Ubuntu 6.06 in them. :)
