Damn Vulnerable Linux – The most vulnerable and exploitable operating system ever!
Damn Vulnerable Linux is the most complete training environment for IT security with over 500.000 downloads. It includes all tools you need ready to go. Additionally tons of training material and exercises are included. Damn Vulnerable Linux works fine under Windows, Linux and Mac OSX using any virtual machine such as VMware, Qemu or KVM. You can let it run installed natively on a standard PC or even boot it from USB.
Damn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.
The main idea behind DVL was to build up a training system that I could use for my university lectures. My goal was to design a Linux system that was as vulnerable as possible, to teach topics such as reverse code engineering, buffer overflows, shellcode development, Web exploitation, and SQL injection.
I’ve used it in a virtual machine on VirtualBox and I’ve been very happy with the system, when it starts you have the opportunity to start KDE or Fluxbox, I chose Fluxbox. Once started, you will have the opportunity to start various “services” that will be used in exercises, such as a webserver and mysql.
I tried the web exploit and start from simple PHP form to more complicated XSS, is certainly interesting for programmers and for those who manage these services.
DVL is a live CD available as a 1,8 GB ISO. It contains older, easily breakable versions of Apache, MySQL, PHP, and FTP and SSH daemons, as well as several tools available to help you compile, debug, and break applications running on these services, including GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa, and more.
DVL is made by people with significant black hat backgrounds, incorporating the community of www.Reverse-Engineering.net and Crackmes.de. It contains a huge amount of lessons, including lesson descriptions and solutions if the level has been solved by a community member at Crackmes.de.
In this video, how to configure a virtual machine with Virtualbox under Ubuntu to run Damn vulnerable linux