Usually, when installing a new operating system, the hope is that it’s as up-to-date as possible. After installation there are bound to be a few updates required, but no more than a few megabytes. Damn Vulnerable Linux is different: it’s shipped in as vulnerable a state as possible.
The idea behind DVL is to offer an operating system for learning and research for security students. As the DVL website explains:
“Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.”
At 1.8GB, the ISO can be used as a Live CD or installed as a virtual machine using a package like VirtualBox or VMware. Once installed, it can be used as a training environment for teaching “reverse code engineering, buffer overflows, shellcode development, web exploitation, and SQL injection”.
Old versions of software including Apache, MySQL, PHP, FTP and SSH daemons are included, as well as the tools needed to exploit them, such as GCC, GDB, NASM, strace, ELF, Shell, DDD, LDasm, and LIDa.
The idea for producing DVL came from Thorsten Schneider, who runs the TeutoHack lab at Bielefeld University in Germany. The hacker lab includes a closed network to which a laptop can be hooked up for research into IT security, hacking, and malware. Thorsten also teaches ethical hacking, such as his lecture course Ethical Hacking – Binary Auditing & RCE.
DVL is free to download, but be warned: this is a highly exploitable version of the Linux operating system and should only be used for teaching and experimentation.
Read more at Damn Vulnerable Linux
For general operating system distribution there is an obsession with always shipping the most up-to-date version. It’s a good obsession to have, as for the most part we all want the most current and secure software running on our machines.
The downside, however, is that it takes a lot of work if you want to use a vulnerable system. Although Microsoft would never think of making ISOs of old Windows versions available, the open nature of Linux makes this an easy task.
No doubt DVL will find a virtual home on the machine of any student trying to learn about security. Hopefully other universities will pick up on Thorsten’s idea and start using DVL for their own courses on security. Thorsten also runs the site The Binary Auditor, which hosts a bunch of free training modules.