While most Linux fans are spending lots of time making sure that their Linux installation is secured to the max, a group of people are creating another Linux distro called “Damn Vulnerable Linux” and it is what it is - a Linux distro stuffed with all the weaknesses possible. DVL isn’t built to run on your desktop — it’s a learning tool for security students.
DVL is a live CD available as a 150MB ISO. It’s based on the popular mini-Linux distribution Damn Small Linux (DSL), not only for its minimal size, but also for the fact that DSL uses a 2.4 kernel, which makes it easier to offer vulnerable elements that might not work under the 2.6 kernel. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.
DVL was initiated by Thorsten Schneider of the International Institute for Training, Assessment, and Certification (IITAC) and Secure Software Engineering (S²e) in cooperation with Kryshaam from the French Reverse Engineering Team.
“The main idea behind DVL,” says Schneider, “was to build up a training system that I could use for my university lectures.” His goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, buffer overflows, shellcode development, Web exploitation, and SQL injection.
Is it a good idea to do this? I think so, in fact, I’m a firm believer thtat the best way to teach the do’s is to tell them them dont’s so this approach makes perfect to me.
Good work to the guys at DVL!
