[Tfug] Damn Vulnerable Linux

Jim Secan jim at nwra.com
Wed Sep 15 14:38:22 MST 2010


Funny that you brought this up.  A research facility at which I sometimes work had two Linux systems on their LAN rooted a month or so ago.  Turns out the researcher who owned the boxes was running a really old version of Slackware (!) on some really old hardware.  He wasn't updating it because his code would only work on this distro configured in some special way.  His boxes had been rooted via a well-known (and long-known) weakness in one of the comm protocols.  Those boxes were physically removed from the premises by the sysadmin (I believe one of them was physically thrown).  I suspect what he was running would have fit this DVL paradigm to a tee.

Jim

On Sep 15, 2010, at 10:15 AM, Angus Scott-Fleming wrote:

> Enjoy!
> 
> ============= Included Stuff Follows =============
> The Most Vulnerable and Exploitable Operating System Ever? Damn Vulnerable 
> Linux | NetworkWorld.com Community
> 
>    OK, put your arrows, stones and guns away please. I am not saying every 
>    version of Linux is the most vulnerable and exploitable OS ever. But 
>    Damned Vulnerable Linux very well may be. But why not, that is exactly 
>    what its developers want it to be.
> 
>    The brainchild of Dr. Thorsten Schneider of Bielefeld University, DVL was 
>    designed to build up a training system that he could use for his 
>    university lectures. His goal "was to design a Linux system that was as 
>    vulnerable as possible, to teach topics such as reverse code engineering, 
>    buffer overflows, shellcode development, Web exploitation, and SQL 
>    injection." 
> 
>    DVL is made up of older and vulnerable packages like older versions of 
>    Apache, MySQL, PHP, and FTP and SSH daemons. There are also tools like 
>    GCC, GDB, NASM, strace, ELF Shell, DDD, LDasm, LIDa to help students 
>    decompile and reverse engineer some of the packages in the Linux distro.
> 
> ============= Included Stuff Ends =============
> More here with links:
> http://www.networkworld.com/community/blog/most-vulnerable-and-exploitable-operating-sys
> http://preview.tinyurl.com/26u57vd
> 
> --
> Angus Scott-Fleming
> GeoApps, Tucson, Arizona
> 1-520-290-5038
> Security Blog: http://geoapps.com/
> 
> 
> 
> 
> 
> _______________________________________________
> Tucson Free Unix Group - tfug at tfug.org
> Subscription Options:
> http://www.tfug.org/mailman/listinfo/tfug_tfug.org





More information about the tfug mailing list