Damn Vulnerable Linux
Results 1 to 8 of 8

Thread: Damn Vulnerable Linux

  1. #1
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190

    Damn Vulnerable Linux

    This is a new distro to me

    http://www.hackinthebox.org/index.ph...icle&sid=37086

    Damn Vulnerable Linux (DVL) is everything a good Linux distribution isnít. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isnít built to run on your desktop Ė itís a learning tool for security students.

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    I have messed with it a little bit. Quite a bit of fun to be had.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    HYBR|D
    Guest
    Just grabbed myself a copy, and now waiting for imgburn to cut the .iso onto a blank disc and will give this thing a looksie.

    wonder if i ran it and browsed enough if i can get myself a rooted box..

  4. #4
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    Quote Originally Posted by HYBR|D View Post
    Just grabbed myself a copy, and now waiting for imgburn to cut the .iso onto a blank disc and will give this thing a looksie.

    wonder if i ran it and browsed enough if i can get myself a rooted box..
    I just threw mine into virtualbox. DVL is a nice platform to test different scanning tools, exploit frameworks, XSS/SQL injection attacks, etc. against.

    You can set up the networking as internal only, and then load another distro, such as backtrack, with the same settings, and have quite a bit of fun.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  5. #5
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote Originally Posted by HYBR|D View Post
    wonder if i ran it and browsed enough if i can get myself a rooted box..
    You could do that with a fresh install of Windows XP. Just wait about 15 minutes.

  6. #6
    HYBR|D
    Guest
    mehehe, you don't even have to browse or do anything, the quickest i've had a fresh XP install get infected was 4seconds after booting into the desktop after the initial install..

    had that shutdown box appear that counts down from 20sec pop up near straight away. That'll teach me to leave the machine plugged into the interwebz without a condom on the ethernet cable...

  7. #7
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Remember that the next time I'm arguing with someone on here how just because Windows XP CAN be Secure, doesn't mean it IS out of the box. Not that a lot are, out of the box, but I do recall being flamed on here a few times when I was always going on about SUSE Linux, because, well, when you installed that, before it actually had even booted up for the first time, while you were still finishing up the installation, it allowed you to do a full update before it even got to a desktop, or even a log in screen for that matter.

    SUSE had this back in like 8.1 or 8.2 Professional, and so once you had gotten the install going, after you set up the Network connection part of it, you could have it test your connection to see if it wa connected, and then, it asked it you'd like to install updates, and you'd select yes, and it would actually show you the updates that were out since the OS had been packaged, you could then install them, and have a fully updated machine by the time you got to the log in.

    I know a few people here who were huge Windows people, who would go on and on that "Ohhhhh Windows NT, 2000 and XP can be just as secure as Linux"...

    OK, fine, if you manage to get to a desktop (Which by the way, Windows loads things in a different way than Linux, BSD, and other OSs, it loads the Program's Interface before it actually finishes loading the actual application, so that way it appears on screen BEFORE it's actually ready to use) so, if you could get to the log in, which by default logged you in as admin, no password, and then, click on Windows update fast enough to start patching, and then, reboot 50 times for all those updates that ALL require an update, and then of course, have the time to move your mouse fast enough to select Internet Explorer and Windows Media Player by themselves because for some reason you can't install updates for those with ANYTHING else selected, and they need reboots too, and THEN go back and see that now, there are even MORE patches, and get those installed, reboot, and see THOSE patches need patches, and so on, ALL within the time to get the damn thing to load a Desktop that won't be infected, then awesome! LOL!

  8. #8
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Quote Originally Posted by gore View Post
    Remember that the next time I'm arguing with someone on here how just because Windows XP CAN be Secure, doesn't mean it IS out of the box. Not that a lot are, out of the box, but I do recall being flamed on here a few times when I was always going on about SUSE Linux, because, well, when you installed that, before it actually had even booted up for the first time, while you were still finishing up the installation, it allowed you to do a full update before it even got to a desktop, or even a log in screen for that matter.

    SUSE had this back in like 8.1 or 8.2 Professional, and so once you had gotten the install going, after you set up the Network connection part of it, you could have it test your connection to see if it wa connected, and then, it asked it you'd like to install updates, and you'd select yes, and it would actually show you the updates that were out since the OS had been packaged, you could then install them, and have a fully updated machine by the time you got to the log in.

    I know a few people here who were huge Windows people, who would go on and on that "Ohhhhh Windows NT, 2000 and XP can be just as secure as Linux"...

    OK, fine, if you manage to get to a desktop (Which by the way, Windows loads things in a different way than Linux, BSD, and other OSs, it loads the Program's Interface before it actually finishes loading the actual application, so that way it appears on screen BEFORE it's actually ready to use) so, if you could get to the log in, which by default logged you in as admin, no password, and then, click on Windows update fast enough to start patching, and then, reboot 50 times for all those updates that ALL require an update, and then of course, have the time to move your mouse fast enough to select Internet Explorer and Windows Media Player by themselves because for some reason you can't install updates for those with ANYTHING else selected, and they need reboots too, and THEN go back and see that now, there are even MORE patches, and get those installed, reboot, and see THOSE patches need patches, and so on, ALL within the time to get the damn thing to load a Desktop that won't be infected, then awesome! LOL!

    While i do admit that the update process of a windows box is a severe pain in the a$$, fact still remains that it 'can' be hardened to operate smoothly and safely. I would say the main problem in windows is that it is designed for ease of use. That ofc means lower security by default since simplicity and comfort are always known to be bitter enemies of security.

    As for SuSE... and many other linux distros, the same does apply in some situations. Just to make the install easier, and ease of use there are many security features that are not setup correctly. Why doesnt suse for example limit the 'su' to the first user during the install? Like adding it to group wheel for instance? Why does ssh allow root logins? Why does by default the X server listen on port 6000? (here i mean why does it open a port in state LISTEN by default). Yup, its a usefull feature if you need it, but opening listening ports by default is not the way of the security penguin

    Those problems (whilst still MUCH SAFER than any default win install) are still non secure settings. These seem to appear only on the 'try-to-remain-easy' systems such as suse, all flavours of bubunutti, and so on. For some people having to setup these issues manually is not always an option and can be a pain too (users who have installed openBSD/netBSD/freeBSD/slackware know this) but in terms of security, these are far more superior.

    By no means is this a rant against suse gore.... you above all people know my love for it and all my work on AO was based on suse in the past. But truth is, if you dont secure it manually.... (this applies for most distros/oss') it can still be sort of vurnerable.

    I have had the suse auto updates mess up the system on occasion (kernel updates, and system would go into kernel panic after reboot), same on some bubunutti distros, but yes.... the updating on linux still remains better/easier/& far superior to windows.

    Now about the topic itself... i believe that this distro should be used for testing of qualifications for admins. Its a very good practice and helps to learn new things. I would'nt use it (trust it) for any live system, even if secured to the best of an admin's knowledge since it has been designed to be unsecure, but it could be seen as a challenge. And since everything the in the security world is a 2 sided blade.... it give an excellent opportunity to try and easy-exploit-it on the-fly.


    cheers.
    Last edited by instronics; July 25th, 2010 at 10:38 AM. Reason: addons
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

Similar Threads

  1. Why linux is better than Windows?
    By MemorY in forum Miscellaneous Security Discussions
    Replies: 29
    Last Post: February 27th, 2004, 04:20 AM
  2. Suse Linux 8.2
    By DigitalSyntax in forum Product / Book / Training / Conference Reviews
    Replies: 1
    Last Post: April 6th, 2003, 08:51 AM
  3. Opinion: As Good as It Gets for Linux
    By TheFiend in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: April 1st, 2003, 11:33 PM
  4. Linux Article
    By gstudios in forum AntiOnline's General Chit Chat
    Replies: 2
    Last Post: May 18th, 2002, 07:29 AM
  5. Newbie Questions Answered - Chapter 4
    By uraloony in forum The Security Tutorials Forum
    Replies: 3
    Last Post: December 19th, 2001, 02:50 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •