Soma-notes - User contributions [en]

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-12-15T21:00:44Z

Amurphy7:

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

Apache is an HTTP web server which is crucial to all web-based interactions within the operating system. When using Damn Vulnerable Linux, Apache must be started before HTTP, PHP, or MySql services become available.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. Integrated Development Environments (IDEs), applications that provide comprehensive features for software programmers, are included for many languages, ranging from Dr. Scheme to Eclipse and JEdit.

Damn Vulnerable Linux also includes disassemblers and debuggers, which are used heavily in breakpoint testing and reverse engineering. IDA free and Ollydbg number among those disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by the following command:<source lang="cpp">
rpm -qa
</source>

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11] While this is quite extensive, containing nine thousand files[12], it is the only package included in DVL. The operating system is relatively destitute compared to larger distributions such as Ubuntu, as it is focused heavily on a specialised programming environment.

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

To get a comprehensive list of all installed packages, as well as their version number and release date[14]:
<source lang="cpp">rpm -qa</source>

To uninstall a specific package[14]:
<source lang="cpp">rpm -e <packagename></source>

To install a specific package[14]:
<source lang="cpp">rpm -ivh <packagename></source>

To update a previously-installed package[14]:
<source lang="cpp">rpm -Uvh <packagename></source>

The rpm command can also be used to request a list of installed files by a rpm, by invoking the following command:
<source lang="cpp">rpm -ql fpc-src-2.2.0-071105</source>

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || <source lang="cpp">/lib/libc.so.6 --version</source> ||
|-
| bash || 3.1.17(2005) || 4.2 || <source lang="cpp">/bin/bash --version</source> ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || <source lang="cpp">uname -a</source> ||
|-
| GNU CoreUtils || 5.97 || 8.14 || <source lang="cpp">/bin/ls --version</source> ||
|-
| procps || 3.2.7 || 3.2.8 || <source lang="cpp">/bin/ps --version</source> ||
|-
| MySQL || 5.0.24a || 5.5.17 || <source lang="cpp">mysql -V</source> ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || <source lang="cpp">httpd -V</source> ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || <source lang="cpp">ssh -V</source> ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || <source lang="cpp">konqueror -v</source> ||
|-
| Qt || 3.3.6 || 4.7.4 || <source lang="cpp">konqueror -v</source> ||
|-
| KDE || 3.5.3 || 4.7 || <source lang="cpp">konqueror -v</source> ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience. Specifically, 1337 is usually inferred as numerical-representation of "leet", or elite.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]

==Init Script Startup==
[[File:Dvl_processes.png|thumb|right|'''Figure 5: '''Running Processes]]
The specific process executing order during initialisation is as follows:

Init(8) is run, resulting in:

''' /etc/rc.d/rc.M is executed, which in turn starts the following processes:'''
<ol>

<li> /usr/sbin/syslogd: this is started by rc.M, by calling rc.syslog start
<ol>
<li> /usr/sbin/klogd: syslog then starts klog if it is a SMP kernel
</ol>
<li> inet1: this is started by rc.M
<ol>
<li> dhcpcd: this is then started by inet1 if it is not already running, and set to eth0
</ol>
<li> /usr/sbin/cupsd is started by rc.M, by calling rc.cups start

<li> /usr/sbin/crond is started by rc.M

<li> /usr/sbin/acpid: this is started by rc.M, by calling acpid start

<li> rc.M then calls the rc.slax extension
<ol>
<li> /bin/sh: this is started by rc.slax

<li> /bin/bash: this is started by rc.slax
</ol>
<li> /usr/libexec/mysqld: this is started by rc.M by calling rc.mysqld start

<li> /usr/sbin/gpm: this is started by rc.M, by calling rc.gpm start
</ol>

==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-25T04:45:27Z

Amurphy7: /* Major Package Versions */

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by ''rpm -qa''.

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11] While this is quite extensive, containing nine thousand files[12], it is the only package included in DVL. The operating system is relatively destitute compared to larger distributions such as Ubuntu, as it is focused heavily on a specialised programming environment.

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

rpm -qa lists all installed packages as well as their version number and release date.[14]

rpm -e <packagename> uninstalls a specific package.[14]

rpm -ivh <packagename> installs a specific package.[14]

rpm -Uvh <packagename> updates an already-installed package.[14]

The rpm command can also be used to request a list of installed files by a rpm, by invoking ''rpm -ql fpc-src-2.2.0-071105''.

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience. Specifically, 1337 is usually inferred as numerical-representation of "leet", or elite.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]

==Init Script Startup==
[[File:Dvl_processes.png|thumb|right|'''Figure 5: '''Running Processes]]
The specific process executing order during initialisation is as follows:

Init(8) is run, resulting in:

''' /etc/rc.d/rc.M is executed, which in turn starts the following processes:'''
<ol>

<li> /usr/sbin/syslogd: this is started by rc.M, by calling rc.syslog start
<ol>
<li> /usr/sbin/klogd: syslog then starts klog if it is a SMP kernel
</ol>
<li> inet1: this is started by rc.M
<ol>
<li> dhcpcd: this is then started by inet1 if it is not already running, and set to eth0
</ol>
<li> /usr/sbin/cupsd is started by rc.M, by calling rc.cups start

<li> /usr/sbin/crond is started by rc.M

<li> /usr/sbin/acpid: this is started by rc.M, by calling acpid start

<li> rc.M then calls the rc.slax extension
<ol>
<li> /bin/sh: this is started by rc.slax

<li> /bin/bash: this is started by rc.slax
</ol>
<li> /usr/libexec/mysqld: this is started by rc.M by calling rc.mysqld start

<li> /usr/sbin/gpm: this is started by rc.M, by calling rc.gpm start
</ol>

==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-25T04:42:02Z

Amurphy7: /* Init Script Startup */

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by ''rpm -qa''.

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11] While this is quite extensive, containing nine thousand files[12], it is the only package included in DVL. The operating system is relatively destitute compared to larger distributions such as Ubuntu, as it is focused heavily on a specialised programming environment.

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

rpm -qa lists all installed packages as well as their version number and release date.[14]

rpm -e <packagename> uninstalls a specific package.[14]

rpm -ivh <packagename> installs a specific package.[14]

rpm -Uvh <packagename> updates an already-installed package.[14]

The rpm command can also be used to request a list of installed files by a rpm, by invoking ''rpm -ql fpc-src-2.2.0-071105''.

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]

==Init Script Startup==
[[File:Dvl_processes.png|thumb|right|'''Figure 5: '''Running Processes]]
The specific process executing order during initialisation is as follows:

Init(8) is run, resulting in:

''' /etc/rc.d/rc.M is executed, which in turn starts the following processes:'''
<ol>

<li> /usr/sbin/syslogd: this is started by rc.M, by calling rc.syslog start
<ol>
<li> /usr/sbin/klogd: syslog then starts klog if it is a SMP kernel
</ol>
<li> inet1: this is started by rc.M
<ol>
<li> dhcpcd: this is then started by inet1 if it is not already running, and set to eth0
</ol>
<li> /usr/sbin/cupsd is started by rc.M, by calling rc.cups start

<li> /usr/sbin/crond is started by rc.M

<li> /usr/sbin/acpid: this is started by rc.M, by calling acpid start

<li> rc.M then calls the rc.slax extension
<ol>
<li> /bin/sh: this is started by rc.slax

<li> /bin/bash: this is started by rc.slax
</ol>
<li> /usr/libexec/mysqld: this is started by rc.M by calling rc.mysqld start

<li> /usr/sbin/gpm: this is started by rc.M, by calling rc.gpm start
</ol>

==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

File:Dvl processes.png

2011-11-25T04:39:28Z

Amurphy7:

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-25T04:36:33Z

Amurphy7:

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by ''rpm -qa''.

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11] While this is quite extensive, containing nine thousand files[12], it is the only package included in DVL. The operating system is relatively destitute compared to larger distributions such as Ubuntu, as it is focused heavily on a specialised programming environment.

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

rpm -qa lists all installed packages as well as their version number and release date.[14]

rpm -e <packagename> uninstalls a specific package.[14]

rpm -ivh <packagename> installs a specific package.[14]

rpm -Uvh <packagename> updates an already-installed package.[14]

The rpm command can also be used to request a list of installed files by a rpm, by invoking ''rpm -ql fpc-src-2.2.0-071105''.

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]

==Init Script Startup==

The specific process executing order during initialisation is as follows:

Init(8) is run, resulting in:

/etc/rc.d/rc.M is executed, which in turn starts the following processes:

1) /usr/sbin/syslogd: this is started by rc.M, by calling rc.syslog start

1.1) /usr/sbin/klogd: syslog then starts klog if it is a SMP kernel

2) inet1: this is started by rc.M

2.1) dhcpcd: this is then started by inet1 if it is not already running, and set to eth0

3) /usr/sbin/cupsd is started by rc.M, by calling rc.cups start

4) /usr/sbin/crond is started by rc.M

5) /usr/sbin/acpid: this is started by rc.M, by calling acpid start

6) rc.M then calls the rc.slax extension

6.1) /bin/sh: this is started by rc.slax

6.2) /bin/bash: this is started by rc.slax

7) /usr/libexec/mysqld: this is started by rc.M by calling rc.mysqld start

8) /usr/sbin/gpm: this is started by rc.M, by calling rc.gpm start

==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T02:17:54Z

Amurphy7: /* Software Packaging */

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by ''rpm -qa''.

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11] While this is quite extensive, containing nine thousand files[12], it is the only package included in DVL. The operating system is relatively destitute compared to larger distributions such as Ubuntu, as it is focused heavily on a specialised programming environment.

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

rpm -qa lists all installed packages as well as their version number and release date.[14]

rpm -e <packagename> uninstalls a specific package.[14]

rpm -ivh <packagename> installs a specific package.[14]

rpm -Uvh <packagename> updates an already-installed package.[14]

The rpm command can also be used to request a list of installed files by a rpm, by invoking ''rpm -ql fpc-src-2.2.0-071105''.

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]
==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T02:14:24Z

Amurphy7:

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by ''rpm -qa''.

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11]

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

rpm -qa lists all installed packages as well as their version number and release date.[14]

rpm -e <packagename> uninstalls a specific package.[14]

rpm -ivh <packagename> installs a specific package.[14]

rpm -Uvh <packagename> updates an already-installed package.[14]

The rpm command can also be used to request a list of installed files by a rpm, by invoking ''rpm -ql fpc-src-2.2.0-071105''.

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]
==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T02:13:41Z

Amurphy7:

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==
Slackware is RPM-based, meaning that software packages are all stored as an RPM Package Manager. By invoking ''rpm -qa'', a list of installed RPMs is shown; within DVL, FPC (Free Pascal Compiler) is the only listed package. Free Pascal Compiler is an extensive RPM Package Manager that is often used in conjunction which Lazarus, which contains a full IDE.[13] The version of FPC used by Damn Vulnerable Linux is fpc-src-2.2.0-071105.i386.rpm, as reported by ''rpm -qa''.

Lazarus contains a large host of utilities, separated into the run-time library (RTL), which contains units such as Unix, BaseUnix, and ShellAPI; and the Lazarus Component Library (LCL), which contains interface elements, such as buttons, forms, and text boxes.[11]

The rpm command is very useful for adding and removing packages. The following parameters are highly useful:

rpm -qa lists all installed packages as well as their version number and release date.[14]
rpm -e <packagename> uninstalls a specific package.[14]
rpm -ivh <packagename> installs a specific package.[14]
rpm -Uvh <packagename> updates an already-installed package.[14]

The rpm command can also be used to request a list of installed files by a rpm, by invoking ''rpm -ql fpc-src-2.2.0-071105''.

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]
==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

[11]http://wiki.lazarus.freepascal.org/Installing_Lazarus#Installing_using_rpms

[12]http://rpm.pbone.net/index.php3/stat/6/idpl/14565894/dir/other/com/fpc-src-2.2.0-071105.i386.rpm

[13]http://wiki.lazarus.freepascal.org/Overview_of_Free_Pascal_and_Lazarus

[14]http://www.linuxforums.org/forum/installation/2165-add-remove-packages-not-removing.html

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T01:20:10Z

Amurphy7:

=Part I=
==Background==
Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

===OS Inheritance===
Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

===Development===
Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply necessitating that the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

===Target Audience===
Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in public domain DVL quickly found itself as the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

===Obtaining A Copy===
The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

==Installation / Startup==
To install Damn Vulnerable Linux, make sure to obtan the most recent ISO file from Sourceforge.[6]

===VMware Player Settings===
[[File:DSL_img1.jpg|thumb|right|'''Figure 1: '''VMware Guest OS Settings]]
<ol>
<li>Using VMware Player, Create a new virtual machine.

<li>Choose the option to install from disc image file, and browse to find the ISO location on your machine.

<li>When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.

<li>When naming the virtual machine, enter ‘DVL’ and select next.

<li>The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.

<li>Click enter to boot the system. This should take between 10 and 30 seconds.

<li>After the system successfully boots, login as ‘root’ with password ‘toor’.

<li>To switch from the command line to a graphical interface, type ‘startx’.
</ol>

[[File:DSL_img2.jpg|thumb|left|'''Figure 2: '''Login Screen After Successful Boot]]
[[File:DSL_img3.jpg|thumb|'''Figure 3: '''Starting The GUI]]

==Basic Operation==
The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, Mysql, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from Dr. Scheme to Eclipse and JEdit; IDA free and Ollydbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

==Usage Evaluation==
Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.
[[File:Starthttpd.png|thumb|right|'''Figure 4: '''Starting the HTTPD service]]

===Board51 System===
While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provide a forum, board and news system, and were previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the md5 hashes of user accounts and passwords from the storage file.

===The Breach===
[[File:Useridx.png|thumb|right|'''Figure 5: '''Retrieving the md5 password hash]]
By default, board51 stores the md5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to decrypt the md5 hash.

===Prevention===
The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.

===Overall Evaluation===
Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and displays the cruciality of reinforcing every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

=Part 2=
==Software Packaging==

==Major Package Versions==
As Damn Vulnerable Linux is designed to be vulnerable, it makes heavy use of legacy code. This fundamental attribute is also evident within the packages included with the operating system. The authors do not make any effort to modify the source code of the original code, instead intentionally selecting packages that are either known to be exploitable themselves, or complement other exploitable software. It is with this in mind that each of the software packages are chosen to be included in the operating system.

{| class="wikitable"
|-
! Software !! Version(Date) !! Most Recent Version !! Command Used
|-
| libc || 2.3.6 || 2.14 || /lib/libc.so.6 --version ||
|-
| bash || 3.1.17(2005) || 4.2 || /bin/bash --version ||
|-
| kernel || 2.6.20-BT-PwnSauce(2007) || 3.1.1 || uname -a ||
|-
| GNU CoreUtils || 5.97 || 8.14 || /bin/ls --version ||
|-
| procps || 3.2.7 || 3.2.8 || /bin/ps --version ||
|-
| MySQL || 5.0.24a || 5.5.17 || mysql -V ||
|-
| HTPPD || Apache 1.3.37 || 2.2.21 || httpd -V ||
|-
| SSH || OpenSSH 4.4pl (2006) || 5.9 || ssh -V ||
|-
| Konqueror || 3.5.3(2005) || 4.7.3 || konqueror -v ||
|-
| Qt || 3.3.6 || 4.7.4 || konqueror -v ||
|-
| KDE || 3.5.3 || 4.7 || konqueror -v ||
|}
''Note: The HTTPD version was likely chosen because of the significance of its version number among the target audience.''

==Initialization==
As a Slackware-based distribution, DVL uses BSD style init (as opposed to System V) to initialize the system. By reading /etc/inittab, it is apparent that the default runlevel is set to 3. inittab then tells the system to use /etc/rc.d/rc.S for initialization.

/etc/rc.d/rc.S begins by mounting /proc (/sbin/mount -v proc /proc -n -t proc).

It then starts udev, mounts sysfs, and checks for a forced filesystem check on the root filesystem (to see if fsck must be run due to an improper shutdown). If no fsck is required, it continues by setting the system time (from the hardware clock), and configures plug-and-play devices.

Then it proceeds to load any required kernel modules (for hardware such as the ethernet or sound cards), and configures runtime kernel parameters. Next, it checks for a forced fsck on any non-root filesystems, and then mounts non-root filesystems in fstab. It then enables swapping (/sbin/swapon -a), and cleans up temporary files and ensures the integrity of the temp folder (creating /tmp/.ICE-unix and /tmp/.Xll-unix if they are not present).

Next, it attempts to umount and remove any leftover files in /initrd, before creating a fresh utmp file. The MOTD is then set to reflect the current kernel level, and checks if there are any System V init scripts to be run at the current runlevel.

Source: inittab file

Due to the BSD-style initialization, the actual kernel modules are run from /etc/rc.d/rc.modules, and are explicitly loaded via modprobe[10].

As opposed to System V convention (which uses /etc/rc.d/rc(runlevel).d/ directories to house scripts), the primary script in DVL is run from /etc/rc.d/rc.M. This defines the system hostname, activates PCMCIA support, activates the firewall, starts network services, launches Inetd and OpenSSH, Bind, NIS, and NFS; starts system logging, smartd, cron, atd, MySQL, Apache, Samba, and any System V init scripts that have been added.[10]
==References==
[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3]http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4]http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5]http://distrowatch.com/table.php?distribution=slax

[6]http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7]http://forums.hak5.org/index.php?showtopic=11389

[8]http://www.damnvulnerablelinux.com

[9]http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

[10]http://openskill.info/infobox.php?IDbox=1042

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T00:38:23Z

Amurphy7:

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T00:15:51Z

Amurphy7:

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T00:15:11Z

Amurphy7:

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-11-14T00:04:39Z

Amurphy7:

COMP 3000 Distribution Sign-up 2011

2011-10-16T21:52:17Z

Amurphy7:

Sign up for the distribution you want to report on here. Note that others are also editing page so verify that the page hasn't been mangled after you make your changes. To help with this, try to only edit the section for the appropriate alphabet range (e.g., Ubuntu should go under T-V).

Note that no more than two people may sign up for each distribution. If two people sign up for a distribution, you two '''should be working together''' on a joint report. If you are not working together, then note that the person who picked the distribution gets a 10% bonus: that person, after all, did the work to find the distribution.

Please sign up with your wiki name (which, generally, should be the same as your connect username). See [http://www.distrowatch.com Distrowatch] to see what distributions are out there. Also, search for types of operating system distributions.

Please '''do not''' sign up for a major distribution. This includes but is not limited to the major distributions listed by Distrowatch. Pick out something specialized and obscure! If in doubt, please email the instructors and TAs.

If you are submitting your report on the wiki, please add a link to it as shown in the example. Please title the page using the name of your distribution, not your name.

Further information on the report is [[COMP 3000 Distribution Report Specifications 2011|here]].

Example entry:

* [http://www.ubuntu.com Ubuntu]: asomayaj, snetimar ([[COMP 3000 2011 Report: Ubuntu|Report]])

==Distributions A-D==
[http://alpinelinux.org/ Alpine Linux]: mevans

[http://www.apodio.org/ APODIO]: mbrowna ([[COMP 3000 2011 Report: APODIO|Report]])

BackTrack: dcarson

[http://Caine-Live.net/ CAINE Linux]: nyoung2 ([[COMP 3000 2011 Report: CAINE|Report]])

Chromium OS(Chrome OS): baathari

[http://crunchbanglinux.org/ CrunchBang]: drewmartin ([[COMP 3000 2011 Report: CrunchBang|Report]])

[http://crux.nu/ CRUX]: zzhou6

Damn Small Linux: MartyV

Damn Vulnerable Linux: amurphy7 , vsanthir ([[COMP 3000 2011 Report: Damn Vulnerable Linux|Report]])

[http://www.doudoulinux.org/ DoudouLinux]:fmcyamwe,tchopel

==Distributions E-H==

[http://www.funtoo.org/ Funtoo]: porter.nicolas

[http://www.gentoo.org/ Gentoo]: Bobbybobbets

[http://www.gobolinux.org/ GoboLinux]: NameGoesHere

[http://haiku-os.org/ Haiku]: nhoda, thildebr

[http://hannahmontana.sourceforge.net/Site/Home.html Hannah Montana Linux]: ksubedi

==Distributions I-M==
Incognito Live System: bwernik

[http://www.inquisitor.ru/ Inquisitor]: atchekan ([[COMP 3000 2011 Report - Part 1 of 3: Inquisitor|Report]])

[http://www.jolicloud.com/ Joli OS (Jolicloud)]: nkathrad tsukasa19

[http://www.dee.su/liberte/ Liberté Linux]: Murals

[http://www.spi.dod.mil/lipose.htm Lightweight Portable Security]: jeckhard

[http://linhes.org/bugs/ LinHes]:jmarcha1 ([[COMP 3000 2011 Report: LinHES|Report]])

[http://live.linux-gamers.net/ linuX-Gamers Live]: dlpkelly

Linux Mangaka One: AsoCchahal ([[COMP 3000 2011 Report: AsoCchahal|Report]])

[http://lubuntu.net/ Lubuntu]: falaskar, jboucha2 ([[COMP 3000 2011 Report: Lubuntu|Report]])

[http://www.lunar-linux.org/ Lunar Linux]: rwolfe

[http://www.menuetos.net/ MenuetOS]: Caesar, Vangelis

[http://puppylinux.org/wikka/LegacyOS/ Legacy OS]:rnyssanb

[http://macpup.org/ Macpup]: kbyrd, rcarrot1 ([[COMP 3000 2011 Report: Macpup|Report]])

==Distributions N-P==

[http://partedmagic.com/doku.php Parted Magic]: erhodes

[http://perllinux.sourceforge.net/ Perl/Linux]:ttian1

Privatix Live-System: gbooth, sbrett ([[COMP 3000 2011 Report: Privatix|Report]])

[http://puppylinux.org/ Puppy Linux]: mwooff, jnrahme ([[COMP 3000 2011 Report: PuppyLinux|Report]])

[http://www.pinguyos.com/ PinguyOS]: ssivara, uramazan (pdawod)

[http://www.en.poseidonlinux.org/ Poseidon Linux]: 36chambers

PC-BSD : todetoyi, qliu1 ([[COMP 3000 2011 Report: qliu|Report]])

[http://www.parsix.org/ Parsix GNU/Linux]: tzhang1, jzhang

[http://www.puredyne.org/ Puredyne]: Carlton

==Distributions Q-S==
[http://qubes-os.org/Home.html Qubes]:

[http://bkhome.org/quirky/ Quirky]: Qingming_no_lisca

[http://www.swiftlinux.org/ Swift Linux]: mabadeer, Yliu11([[COMP 3000 2011 Yunpeng Liu's Report: Swift Linux|Report]])

[http://www.salineos.com/ SalineOS]: drhill ([[COMP 3000 2011 Drhill's Report: SalineOS 1.4|Report]])

[http://www.slackware.com/ Slackware]: sturnbu5 ([[COMP 3000 2011 Report: Slackware 13.37|Report]])

[http://www.slax.org/ SLAX]: Andre Song

[http://www.slitaz.org/en/ SliTaz]: Bobbybobbets

[http://sourcemage.org/projects/source-mage/wiki Source Mage]: deadlytea ([[COMP 3000 2011 Report: Source Mage|Report]])

[http://www.stresslinux.org/sl/ StressLinux]: achaddad

[http://sourceforge.net/projects/suicide-linux/ Suicide-Linux]:

[http://www.sabayon.org/ Sabayon Linux]: mabdirah, selmoafi

==Distributions T-W==
[http://tails.boum.org/index.en.html/ TAILS]: Khorrus

[http://bellard.org/tcc/tccboot.html TCCBOOT: TinyCC Boot Loader]:

[http://distro.ibiblio.org/tinycorelinux/welcome.html/ Tiny Core Linux ]: aadegbem ([[Comp 3000 2011 Report: Tiny Core Linux|Report]])

[http://www.minimalinux.org/ttylinux/ ttylinux]: kmacmart

Vector: judethedude,Lkuate ([[ VectorLinux|Report]])

[http://www.planetwatt.com/ wattOS]: JPAL

[http://ubuntustudio.org/ Ubuntu Studio]: Chashem and Jbyford ([[Editing COMP 3000 2011 Report: Ubuntu Studio|Report]])

==Distributions X-Z==
[http://www.zentyal.com/ Zentyal]: cyu3 ([[COMP 3000 2011 Report: Zentyal|Report]])

[http://www.zenwalk.org/ Zenwalk]: mgizbert ([[Editing COMP 3000 2011 Report: Zenwalk|Report]])

[http://http://www.zeroshell.net/ ZeroShell]: bvardal ([[Editing COMP 3000 2011 Report: ZeroShell|Report]])

[http://www.zorin-os.com/ Zorin]: awillman

[http://www.xbmc.org/ XBMC]: awallac1, ketsiagb

[http://www.xubuntu.org/ Xubuntu]: ernibek, Komarova

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-10-16T21:51:09Z

Amurphy7:

File:Starthttpd.png

2011-10-16T21:49:28Z

Amurphy7:

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-10-16T21:48:52Z

Amurphy7:

File:Useridx.png

2011-10-16T21:46:56Z

Amurphy7:

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-10-16T21:45:43Z

Amurphy7: /* Usage Evaluation */

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-10-16T20:42:37Z

Amurphy7: /* Basic Operation */

COMP 3000 2011 Report: Damn Vulnerable Linux

2011-10-16T20:28:26Z