Difference between revisions of "COMP 3000 2011 Report: Damn Vulnerable Linux"


Revision as of 17:45, 16 October 2011

Part I

Background

Damn Vulnerable Linux (DVL) is a Slax-based, live-DVD Linux distribution designed as a sandbox for security testers. DVL intentionally includes outdated and exploitable software, providing its users with the necessary tools to practice security intrusion.[1]

OS Inheritance

Damn Vulnerable Linux is based on Slax[1], a popular bootable CD Linux distribution with a modular design. Slax provides a vast compact collection of pre-installed software and a well-designed user interface.[5]

Initial versions of DVL closely resembled Damn Small Linux, as the developers used the established techniques of DSL to provide small-sized (150MB) ISO releases.[4] The operating system also made use of the Linux 2.4 kernel in use by Damn Small Linux, as it provided additional security exploits that were fixed in later kernels.[4]

Development

Damn Vulnerable Linux was conceived and primarily developed by Dr. Thorsten Schneider, who integrated it into his university lectures on software security at Bielefeld University, Germany.[1] [3]

Schneider, then a member of the International Institute for Training, Assessment, and Certification (IITAC)[2], partnered with colleague Kryshaam of the French Reverse Engineering Team with the goal of creating a “plug-and-play system” that had “all the required tools installed” for training purposes, simply requiring the user to “run DVL in a virtual machine” to begin active learning.[4]

While initial releases maintained a close relationship to Damn Small Linux, the developers later decided to model the operating system after Backtrack 2.0. The latest release, Damn Vulnerable Linux 1.5: Infectious Disease, is downloadable as a 1.8GB ISO file.[6]

Target Audience

Damn Vulnerable Linux began as a functional tool for teaching students the importance of security. With its public release, Dr. Schneider and Kryshaam decided to continue this functionality, packaging a large collection of “tools, workbooks, text tutorials, and exploits” along with the operating system.[4] They later released their own mini-lectures on the main website, in the form of video tutorials. The first of these detailed how to cause a buffer overflow error.[4]

As with many Linux distributions, once in the public domain DVL quickly found itself the centerpiece of various community discussion groups. Users found alternative uses for the operating system, including as a secondary tool for testing the security exploitation and intrusion devices of Backtrack.[7]

Obtaining A Copy

The main website for Damn Vulnerable Linux has been offline for several months, reportedly having been taken offline due to German security laws.[9] It is possible to obtain an ISO copy of Damn Vulnerable Linux from Sourceforge.[6]

Installation / Startup

To install Damn Vulnerable Linux, make sure to obtain the most recent ISO file from Sourceforge.[6]

VMware Player Settings

Figure 1: VMware Guest OS Settings
  1. Using VMware Player, create a new virtual machine.
  2. Choose the option to install from disc image file, and browse to find the ISO location on your machine.
  3. When VMware prompts for the guest operating system, select ‘Linux’ and then ‘Other Linux 2.4.x kernel’ before proceeding.
  4. When naming the virtual machine, enter ‘DVL’ and select next.
  5. The default disk capacity and hardware settings are sufficient, so proceed through these stages without making any changes. Click Finish.
  6. Click enter to boot the system. This should take between 10 and 30 seconds.
  7. After the system successfully boots, login as ‘root’ with password ‘toor’.
  8. To switch from the command line to a graphical interface, type ‘startx’.
Figure 2: Login Screen After Successful Boot
Figure 3: Starting The GUI









Basic Operation

The graphical interface offered by DVL is very minimalistic and utilitarian. The desktop itself is populated solely with shortcuts to services, to provide a quick way to enable/disable various components - SSH, Apache, MySQL, PHP, etc. - or quick access to development environments such as C++ and Java.

The bottom menu panel contains a typical ‘start’ menu, as well as fast access to the terminal, two browsers (Firefox and Konqueror) and a text editor.

The ‘start’ menu further mirrors the icons on the desktop, organized in a ‘Services’ category, as well as providing shortcuts to the training material and other tools.

The overall organization of utilities is superb, as is the variety and quantity included. IDEs for many languages are evident, ranging from DrScheme to Eclipse and jEdit; IDA Free and OllyDbg also number among the disassemblers and debuggers that are provided. DVL contains all the necessary development software that its users require.

Usage Evaluation

Damn Vulnerable Linux comes packaged with a large collection and assortment of tutorials, as well as their solutions. In this basic usage evaluation, I will examine the board51 package.

As web tutorials are accessed through localhost, to begin the tutorial necessitates first launching Apache, via the HTTPD shortcut on the desktop.

Board51 System

While there are many exploits detailed within DVL, this evaluation will characterize the operations of the board51 admin attack. As Damn Vulnerable Linux conveniently provides outdated software, this is an example of an attack that will not work on live pages - the error has since been fixed.

The 51 scripts software provides a forum, board and news system, and was previously found at www.laforge-groups.de. This security attack exploits the data storage system used by the software, primarily by retrieving the MD5 hashes of user accounts and passwords from the storage file.

The Breach

By default, board51 stores the MD5 hashes of user accounts in a public file, with read access available to everyone. To access this information, an attacker needs only browse to /boarddata/data/user.idx, and then proceed to crack the MD5 hashes (a hash is one-way, so it is matched against guesses rather than decrypted).

Prevention

The administrator of a board51 website can prevent this attack by changing the privileges to the data folder and its files through chmod.
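The chmod fix described above, as an added example that is not part of the original report or of board51: it audits a data folder for world-readable entries, strips access for "other", and re-checks. The directory tree is constructed for the demonstration, and the fix assumes the web server reaches the files as "other"; if the server process owns the files, a server-side deny rule for the data directory is needed as well.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a board51-style data folder.
# The tree built in demo() is constructed; it is not a real board51 install.

# Print every file or directory under $1 that "other" users can read.
audit_world_readable() {
    find "$1" -perm -004 -print
}

# Remove all access for "other" from $1 and everything below it.
# Owner and group bits are untouched, so the application keeps its access.
harden_data_dir() {
    chmod -R o-rwx "$1"
}

# Return 0 if nothing under $1 is world-readable, 1 otherwise.
is_hardened() {
    [ -z "$(audit_world_readable "$1")" ]
}

# Build a constructed tree with the default-style open permissions,
# count world-readable entries before and after hardening.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/boarddata/data"
    printf 'constructed-user:constructed-hash-placeholder\n' \
        > "$root/boarddata/data/user.idx"
    chmod 755 "$root/boarddata" "$root/boarddata/data"
    chmod 644 "$root/boarddata/data/user.idx"

    before=$(audit_world_readable "$root/boarddata" | wc -l | tr -d ' ')
    harden_data_dir "$root/boarddata"
    after=$(audit_world_readable "$root/boarddata" | wc -l | tr -d ' ')

    rm -rf "$root"
    echo "$before $after"
}

demo   # prints "3 0": two directories and user.idx were readable, none after
```

Running `audit_world_readable` periodically against the real data path catches permissions that drift back after an upgrade or restore.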

Overall Evaluation

Damn Vulnerable Linux is very effective at presenting a testbed for exploiting real cases of security flaws. It accomplishes its stated goal of teaching the importance of security, and demonstrates how crucial it is to reinforce every component of software.

The ease-of-use is phenomenal, and the quantity of historical exploits from live software solidifies DVL as an essential learning tool for all security enthusiasts.

References

[1] http://distrowatch.com/table.php?distribution=dvl

[2] http://web.archive.org/web/20070303043619/http://www.damnvulnerablelinux.org/index.php?option=com_content&task=view&id=21&Itemid=36

[3] http://www.geek.com/articles/news/damn-vulnerable-linux-the-most-vulnerable-and-exploitable-operating-system-ever-201007

[4] http://web.archive.org/web/20090206193556/http://linux.com/articles/60267

[5] http://distrowatch.com/table.php?distribution=slax

[6] http://sourceforge.jp/projects/sfnet_virtualhacking/downloads/os/dvl/DVL_1.5_Infectious_Disease.iso/

[7] http://forums.hak5.org/index.php?showtopic=11389

[8] http://www.damnvulnerablelinux.com

[9] http://www.reddit.com/r/linux/comments/fid3k/damn_vulnerable_linux_is_gone/

notes: don't have a box to properly install dsl on and attempt to break in with bt3